Feb 22, 2020 CERT.Global

EU GDPR and EU ePrivacy Regulation Compliance Improvement and Certification

We support your business with EU GDPR, ePrivacy Regulation, and related data protection compliance.

Introduction

Following the adoption of personal data protection acts worldwide and of the EU-US Privacy Shield Framework between the United States and the European Union, the EU General Data Protection Regulation (EU GDPR) has been enforced by the European Union since May 25, 2018; it requires organizations to protect personal data.

Therefore, the organization must establish a systematic management mechanism (for example, a personal information management system, PIMS, according to BS 10012:2017, or a privacy information management system according to ISO/IEC 27701:2019) to comply with the regulation and with the data protection principles required by GDPR Article 5, for example by appointing dedicated personnel responsible for the personal data inventory, education and training, communication, notification, data protection, and control measures (for example, integration with ISO 27001 information security management and ISO 22301 business continuity management).

To demonstrate compliance, the organization shall take the following regulations into consideration:

  • REGULATION (EU) 2016/679 - EU GDPR (General Data Protection Regulation)
  • DIRECTIVE (EU) 2016/680 - data protection in the context of criminal offences or the execution of criminal penalties
  • Regulation on Privacy and Electronic Communications (EU ePrivacy Regulation)

Who should apply?

This service is intended for organizations that have been requested to comply with EU GDPR:

  • Personal data controllers and processors;
  • IT or web-based service providers, and IT product developers and manufacturers;
  • "Smart"-based service providers;
  • Service, supply chain, and outsourcing providers.

Service objectives

  • Demonstrate that personal data processes comply with the EU GDPR's personal data processing principles;
  • Demonstrate technical compliance with EU GDPR requirements, e.g. encryption and access control.

Service benefits

  • Demonstrate EU GDPR compliance through the Trusted Site Privacy certification by TUViT.
  • Improve the overall understanding of EU GDPR and data protection compliance requirements.
  • Identify opportunities for improvement in the organization's personal data protection.

Service outline

Stage 1, EU GDPR compliance preliminary assessment (also known as "Project Scoping")

  • Purpose: Assess the feasibility and preliminary scope of EU GDPR certification;
  • Time and resource estimate: 3 ~ 5 days;
  • Activities:
    • Evaluation of compliance with the personal data processing principles, i.e. Chapter 2 GDPR;
    • Evaluation of the processes related to data subjects' rights, i.e. Chapter 3 GDPR;
    • Evaluation of the personal data controller's and processor's responsibilities, i.e. Chapter 4 GDPR;
    • Evaluation of the service and the personal data processing processes from a legal perspective;
    • Evaluation of the ICT systems, services, and products from a technical perspective, i.e. Art. 32 GDPR and Art. 25 GDPR (Privacy by Design or by Default);
  • Deliverables:
    • EU GDPR compliance assessment report

Stage 2, EU GDPR compliance advisory and improvement

  • Purpose: Remediate the identified deficiencies;
  • Time estimate: 1 ~ 3 months;
  • Activities:
    • Support in preparing a legal and technical assessment (e.g. before a company implements a new tool or service, or before a manufacturer publishes a new tool or service; e.g. video surveillance);
    • Support for a Data Protection or Privacy Impact Assessment (PIA) according to Art. 35 GDPR;
    • Support and advice in preparing new documentation or policies in the context of the GDPR (e.g. a Data Protection Policy);
    • (Option) Support in preparing EU GDPR compliance documentation, i.e. a Data Protection Management System (according to ISO/IEC 27001, ISO/IEC 27701, BS 10012);
  • Deliverables:
    • Professional services;
    • Documentation.

Stage 3, EU GDPR compliance re-assessment

  • Purpose: Verify and validate the EU GDPR compliance improvements;
  • Time estimate: 3 ~ 5 days;
  • Activities:
    • Data protection audits including a technical and/or IT security part in relation to Art. 32 GDPR or Art. 25 GDPR (Privacy by Design or by Default); these can cover the legal, technical, and cybersecurity aspects;
    • TUViT Trusted Site Privacy - EU GDPR compliance assessments;
    • (Option) Supplier audit for controlling the data processor according to Art. 28 GDPR (processor agreement);
    • (Option) Audit of video surveillance (e.g. GDPR compliance control for hotel groups or others);
    • (Option) Website audit (legal and, where applicable, technical, according to the GDPR).
  • Deliverables:
    • TUViT Trusted Site Privacy assessment report

Stage 4, EU GDPR compliance certification (option)

  • Purpose: Demonstrate EU GDPR compliance;
  • Time estimate: 1 month;
  • Activities:
    • Close out the findings through document review of the objective evidence and/or an additional on-site assessment;
    • Apply for the TUViT Trusted Site Privacy certification;
    • TUViT Trusted Site Privacy certification report.
  • Deliverables:
    • TUViT Trusted Site Privacy certificate

Organizational information

  • The time and resources required depend on the complexity of the personal data processing process and/or product.
  • This service is delivered in collaboration with TUViT, Germany.

Additional Info

Venue (Location): Asia Pacific, Europe, Middle East, UAE, US
