We can help you prepare your organisation for GDPR compliance. We have a team of experienced practitioners who understand what it takes to comply with legal requirements in a way that is optimised for your business priorities. Click on the headings below to read more about how we can help in different areas. If you would like more information on what you should do to ensure that you are prepared, please feel free to contact us - we are here to help.
The gap analysis highlights the gaps between your business and the GDPR's requirements and proposes action proposals with estimated priorities and complexity for implementation. The goal is that the business can continue to work on the results of the gap analysis in various implementation projects where Sharp Cookie Advisors can support the action phase in these projects. An investigation of the business impact of regulatory compliance with the new data protection legislation is also a good basis for management's priorities for continued work in business development and digitalisation.
Every organization needs to be able to demonstrate at any time that it complies with the requirements of data protection legislation. This is done practically by the organization having a documented work on data protection issues, a so-called "Privacy Program" which exposes the organization's basic working methods and responsibility for data protection issues.
"Every organization should be able to know what data it uses, what obligations apply to that data and how the organization handles data in an efficient and secure manner, with the least possible disruption in business operations."
We provide organizations with support in the long-term work to secure the company's data assets by supporting the management in developing a customized privacy program in accordance with best practice and GDPR.
A news with the GDPR is that organizations will be required to report security incidents involving personal data to the regulator, and in some cases even those registered, within 72 hours of the incident being discovered.
We support you in reviewing your processes for handling, documenting and reporting personal data incidents.
Individual rights are strengthened under the GDPR and those registered have an enhanced right to exercise control over their personal data.
Each organization now has a 30-day deadline to compile and provide a copy of a registrant's request for extracts on its personal data. This places new demands on technical systems, work processes, and legal assessment of the registrants' request for extradition.
The data subject has the right to request that in some cases his personal data be deleted from the organization's activities, which includes back-up and data shared to subcontractors.
In order to avoid lock-in effects, a new right has been added - data portability - which allows registered as users and employees to bring their own personal data with another organization.
These individual rights are not absolute rights for the data subjects, but your organization has rights with them. We can support your organization by setting up the appropriate way of working to effectively manage these new ways of working.
- ”Nej, cio:n ska inte vara dataskyddsombud – det är säkrare med en extern lösning” - CIO Sweden
- ”Därför behöver vårdbolag påbörja anpassningen till GDPR redan i dag” - Computer Sweden
- ”Sätt igång – snart är nya dataskyddslagen här” – Telekom idag
- Vad innebär EU:s nya Dataskyddsförordning?
- Dataskyddsförordningen juridisk guide
- Så påverkas beteendemarknadsföring av GDPR - hög tid att påbörja anpassningen
- Preparing IT and organisation for Brexit and GDPR