EU GDPR and EU ePrivacy Regulation Compliance Improvement and Certification
We support your business with EU GDPR, ePrivacy Regulation, and related data protection compliance.
Following the adoption of personal data protection laws worldwide and the EU-US Privacy Shield Framework between the United States and the European Union (since invalidated by the CJEU in 2020), the EU General Data Protection Regulation (EU GDPR) has applied throughout the European Union since 25 May 2018 and requires organizations to protect the personal data they process.
An organization must therefore establish a systematic management mechanism (for example, a Personal Information Management System according to BS 10012:2017, or a Privacy Information Management System according to ISO/IEC 27701:2019) in order to comply with the regulation and with the data protection principles of Art. 5 GDPR. In practice this includes appointing dedicated personnel responsible for data protection, maintaining a personal data inventory, providing education and training, handling communication and notification, and implementing protection and control measures (for example, integrated with ISO/IEC 27001 information security management and ISO 22301 business continuity management).
To demonstrate compliance, the organization should take the following legislation into consideration:
- REGULATION (EU) 2016/679 - EU GDPR (General Data Protection Regulation)
- DIRECTIVE (EU) 2016/680 - the Law Enforcement Directive, covering the processing of personal data by competent authorities for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties
- The proposed Regulation on Privacy and Electronic Communications (ePrivacy Regulation), intended to replace the ePrivacy Directive 2002/58/EC
Who should apply?
This service is intended for organizations that are required to comply with the EU GDPR:
- Personal data controllers and processors;
- Providers of IT or web-based services, and developers or manufacturers of IT products;
- Providers of "smart" (connected) services;
- Service, supply chain, and outsourcing providers.
Benefits
- Demonstrate that personal data processing complies with the GDPR's processing principles (Art. 5 GDPR);
- Demonstrate technical compliance with the GDPR's security requirements (Art. 32 GDPR), e.g. encryption and access control;
- Demonstrate EU GDPR compliance through the Trusted Site Privacy certification by TUViT;
- Improve the overall understanding of the EU GDPR and data protection compliance requirements;
- Identify opportunities for improving personal data protection within the organization.
Stage 1, EU GDPR compliance preliminary assessment (also known as "Project Scoping")
- Purpose: assess the feasibility and define the preliminary scope for EU GDPR certification;
- Time and resource estimate: 3 to 5 days;
- Evaluation of compliance with the personal data processing principles, i.e. Chapter II GDPR (Art. 5 to 11);
- Evaluation of the processes related to data subjects' rights, i.e. Chapter III GDPR;
- Evaluation of the responsibilities of controllers and processors, i.e. Chapter IV GDPR;
- Evaluation of the service and the personal data processing processes from a legal perspective;
- Evaluation of the ICT systems, services, and products from a technical perspective, i.e. Art. 32 GDPR (security of processing) and Art. 25 GDPR (data protection by design and by default);
- Deliverable: EU GDPR compliance assessment report.
Stage 2, EU GDPR compliance advisory and improvement
- Purpose: remediate the deficiencies identified in Stage 1;
- Time estimate: 1 to 3 months;
- Support in preparing legal and technical assessments, e.g. before a company deploys a new tool or service, or before a manufacturer releases a new tool or service (such as a video surveillance system);
- Support for Data Protection Impact Assessments (DPIA, also referred to as Privacy Impact Assessment, PIA) according to Art. 35 GDPR;
- Support and advice on preparing new documentation or policies in the context of the GDPR (e.g. a Data Protection Policy);
- (Option) Support in preparing EU GDPR compliance documentation, i.e. a data protection management system (according to ISO/IEC 27001, ISO/IEC 27701, or BS 10012);
- Professional services.
Stage 3, EU GDPR compliance re-assessment
- Purpose: verify and validate the EU GDPR compliance improvements;
- Time estimate: 3 to 5 days;
- Data protection audits include a technical and/or IT security part relating to Art. 32 GDPR or Art. 25 GDPR (data protection by design and by default); the audit can cover legal, technical, and cybersecurity aspects;
- TUViT Trusted Site Privacy EU GDPR compliance assessment;
- (Option) Supplier audit for controlling the data processor according to Art. 28 GDPR (processor agreement);
- (Option) Audit of video surveillance (e.g. GDPR compliance control for hotel groups or others);
- (Option) Website audit (legal and, where applicable, technical compliance with the GDPR);
- Deliverable: TUViT Trusted Site Privacy assessment report.
Stage 4, EU GDPR compliance certification (option)
- Purpose: demonstrate EU GDPR compliance;
- Time estimate: 1 month;
- Close out the findings by reviewing objective evidence in documents and/or through an additional on-site assessment;
- Apply for the TUViT Trusted Site Privacy certification;
- Deliverables: TUViT Trusted Site Privacy certification report;
- TUViT Trusted Site Privacy certificate.
- The time and resources required depend on the complexity of the personal data processing and/or the product.
- This service is provided in collaboration with TUViT, Germany.