Change of Working Culture:
Analysis, Limitation, Documentation, Accountability

Entry into force:
The new EU General Data Protection Regulation (GDPR - 2016/679) is the largest change in data protection legislation in the last 20 years and is directly applicable in all Member States from 25/05/2018 without the need for national legislation.

Purpose of the regulation:
The purpose of the Regulation is to remove the legal ambiguities and uncertainties created by the previous legal framework, to strengthen the fundamental rights and freedoms of individuals, and to harmonise the legal framework across all Member States. It applies to companies within the EU, but also to those with a seat in the EU and a place of processing outside the EU, or a seat outside the EU and a place of processing outside the EU.

Scope of Application:
Regulation 2016/679 applies to all bodies (private and public enterprises, state authorities, associations, etc.) that manage, process, store and distribute personal data, whether or not they are based and operating in a European Union country, as long as the data relates to European citizens or to any kind of services and goods offered to European citizens.

Controls and Penalties:
The Authority for the Protection of Personal Data is granted the power to supervise compliance with the Regulation. In case of violation, fines of 10,000,000 euros or 2% of the total annual turnover of the previous financial year (whichever is higher) are provided for violations of the obligations of Art. 8, 11, 25 to 39, 41 par. , 42 and 43, and fines of 20,000,000 euros or 4% of the total global turnover of the previous financial year (whichever is higher) for violations of the basic principles (art. 5, 6, 7, 9), data subject rights (art. 12 to 22) and the conditions for transfer to a recipient in a third country (art. 44 to 49). Finally, the data subject's right to compensation and the liability of the controller are defined.


The basic changes brought about by the regulation

1. INCREASED RIGHTS OF DATA SUBJECTS
The data subject now has increased rights, including: the right to be forgotten, the right to restriction of processing, the right to rectification, the right to data portability, and the right to be notified in case of a breach.

2. STRENGTHENING OF THE PROTECTION OF CHILDREN
Enhanced protection of minors, who are classified as “vulnerable individuals”, with stricter rules and obligations for the controller as well as a stricter framework for the consent of data subjects.

3. NOTIFICATION OF PERSONAL DATA BREACHES
In the event of a breach, the controller must notify the Authority for the Protection of Personal Data within 72 hours and, in some cases, the data subject as well.

4. DATA PROTECTION BY DESIGN AND BY DEFAULT
The controller must apply, both at the time of determining the means of processing and at the time of the processing itself, appropriate technical and organizational measures to meet the requirements of the Regulation and to protect the rights of data subjects.

5. STRICTER CONDITIONS FOR THE CONSENT OF DATA SUBJECTS
When the processing is based on the consent of the data subject, that consent must now be explicit and fully informed, and the possibility of withdrawing it must be provided.

6. DATA PROTECTION IMPACT ASSESSMENT
In cases where the processing may pose a high risk to the rights and freedoms of natural persons, the controller shall, prior to processing, assess the impact of the planned processing operations on the protection of personal data.

7. RECORDS OF PROCESSING ACTIVITIES
Each controller must keep a record of the processing activities for which it is responsible.

Observance of the principles governing the regulation

The new regulation strengthens the established framework for the protection of personal data, establishing new obligations for the person responsible for personal data processing along 3 main axes: compliance with predetermined basic principles for processing personal data, taking appropriate technical and organizational measures, and strengthening the rights of data subjects, as presented in detail below:
LAWFULNESS, FAIRNESS AND TRANSPARENCY
The data is processed in a lawful, fair and transparent manner.
DATA MINIMISATION
The data is adequate, relevant and limited to what is necessary for the purposes for which it is processed.
STORAGE LIMITATION
The data is kept in a form that allows the data subjects to be identified only for as long as required for the purposes of processing the personal data.
PURPOSE LIMITATION
Data is collected for specific, explicit and lawful purposes and is not further processed in a manner incompatible with those purposes.
ACCURACY
The data must be accurate and up to date, and all reasonable measures must be taken to immediately delete or rectify personal data that is inaccurate in relation to the purposes of the processing.
INTEGRITY AND CONFIDENTIALITY
The data is processed in a way that guarantees the appropriate security of the personal data.
The controller is responsible for proving compliance with the above principles.


Strengthening the Rights of Subjects (Individuals)

• Right to withdraw consent already given (art. 7)
• Right to erasure (art. 17)
• Right to object (art. 21)
• Right of access to data and to obtain a copy (art. 15)
• Right to restriction of processing (art. 18)
• Right to rectification (art. 16)
• Right to data portability (art. 20)

Necessary Technical & Organizational Measures

• Implementing data protection measures by design and by default.

• Keeping the record of processing activities up to date.

• Carrying out a data protection impact assessment.

• Designating a Data Protection Officer (DPO).

• Drawing up and complying with a Code of Conduct.


COMPLIANCE AND READINESS

  • Readiness assessment
  • GDPR roadmap
  • Business impact assessment
  • Security policies

PREPARATION OF TECHNICAL REPORTS

  • Business plan
  • Methodological approach
  • Scheduling
  • Operational design of the business model
  • Secure implementation

DIGITAL TECHNOLOGY AND PRIVACY

  • Data mapping
  • Data repository
  • Pseudonymisation
  • Encryption
  • Electronic privacy

RISK MANAGEMENT

  • Business risk assessment
  • Review of assessments
  • Secure information management

AWARENESS AND TRAINING

  • Awareness of security and privacy issues
  • Staff training in secure information handling
  • Familiarisation with computers
  • Business continuity culture and changes

ADVANCED SECURITY

  • Personal data breach investigation