What Do We Do?
We have established a specialized GDPR consultancy firm in Cyprus in order to enable businesses to achieve compliance in the most meaningful manner. We guide companies to maximize opportunities and minimize risks of GDPR noncompliance and consequently optimize their businesses.
Resulting from the complex nature of this regulation, to achieve GDPR compliance you need legal as well as business and technical expertise. DataKnights offers a full service GDPR consultancy providing all three types of advice.
In particular, we offer:
What Do We Do?
We have established a specialized GDPR consultancy firm in Cyprus in order to enable businesses to achieve compliance in the most meaningful manner. We guide companies to maximize opportunities and minimize risks of GDPR noncompliance and consequently optimize their businesses.
Resulting from the complex nature of this regulation, to achieve GDPR compliance you need legal as well as business and technical expertise. DataKnights offers a full service GDPR consultancy providing all three types of advice.
In particular, we offer:
What is GDPR ?
General Data Protection Regulation (GDPR) is a new EU regulation that will be automatically enforced on the 25th of May 2018 at all EU Member States. It applies to both EU and non-EU entities which are handling EU citizens’ personal data.
The GDPR will replace the Data Protection Directive 95/46/EC, aiming to harmonize data privacy laws across Europe. The goal is to protect and empower all EU citizens’ data and to reshape the way organizations manage data privacy.
Although the main reason and principles of the previous directive remain unchanged, the new GDPR legislation has much broader scope in order to protect EU prospects’ personal data worldwide with relevant measures to the fast-changing digital world.
For the first time in the history of data privacy, the new GDPR emphasizes on its “by default” and “by design” implementation provisions together with the level of non-compliance sanctions.
Consequently, the new GDPR is the most important change in data protection laws in the last twenty years.
Who and why must be compliant ?
Virtually, the new GDPR affects all businesses including:
In addition, the GDPR grants the right to data subjects to seek monetary compensation from the enterprise that processes their personal data if the data subjects have incurred damage as a result of a personal data leakage.
Nevertheless, it is important to note that thanks to the new regulation, doing business will become easier. It is because there will be one common set of rules for organizations processing data in the EU. Compliance with the GDPR is expected to boost customer confidence and trust in organizations– enabling for a better performance.
Who and why must be compliant ?
Virtually, the new GDPR affects all businesses including:
In addition, the GDPR grants the right to data subjects to seek monetary compensation from the enterprise that processes their personal data if the data subjects have incurred damage as a result of a personal data leakage.
Nevertheless, it is important to note that thanks to the new regulation, doing business will become easier. It is because there will be one common set of rules for organizations processing data in the EU. Compliance with the GDPR is expected to boost customer confidence and trust in organizations– enabling for a better performance.
Get the 10 steps guide to prepare for GDPR
Why do you need experts ?
In summary, the new legislation places heavy obligations on data subject consent, data anonymization/encryption and transparency, privacy by design and by default. The GDPR requires organizations which process EU citizens’ data to undertake major operational reforms in regards to several factors:
• Processing of personal data throughout their lifecycle, from collection to destruction
• Transferability
• Protection of all individuals’ rights
• Security (confidentiality, integrity, availability)
• Breach notification within 72 hours in case of violation
• Appointment of Data Protection Officer
Consequently, it is essential to engage with the experts who will not only ensure that you are compliant with GDPR but will also implement it in a way to turn the GDPR compliance into your competitive advantage, simultaneously imposing a minimum operational burden your organization.
Why do you need experts ?
Data Range
The definition of personal data has expanded, bringing more types of data into the regulated perimeter. It will include data that contain name, address, localization, online identifier, health data, income, cultural profile and more. It means that dealing with any of these data has to be done in accordance to the GDPR regulation. This is also applicable to clients, employees or third party data.
Data Collecting, Processing and Storing
There are many new aspects that GDPR puts an emphasis on. When it comes to collecting, processing and storing personal data, implementing those new policies requires some adjustments. It includes complete audit of your existing processes and procedures and advice on how to become compliant.
Transparency
One of the pillars of GDPR is the principle of transparency towards individuals whose personal data are processed. Transparency will be reflected in many obligations related to the processing of personal data. It also includes informing the subjects of the type, purpose and time length of such processing. All information has to be easily accessible, understandable and formulated in a clear, simple and precise manner.
Consent
GDPR sets specific requirements for consent and introduces a definition of this concept. Most importantly, it is obligatory to show that the consent is expressed with a positive action and is explicit. Consent must be voluntary and it may be granted in any of the forms described in the GDPR provisions. The regulation also suggests that data processing for various purposes requires separate consent for each and every purpose.
Design
To keep up with the principle of privacy protection at the design stage, you must take into account several factors. Those are the cost of implementation, the nature, the scope, the context and the objectives of the processing. It goes together with the risk of infringement. In addition, you should access the rights or freedoms of individuals with different probabilities of occurrence and seriousness of hazards arising from the processing. The regulation expects the enterprises to take all appropriate technological and organizational measures.
Default
The privacy policy by default obliges you to ensure that only necessary data and for the necessary time is processed. Necessity is defined by the purpose and by any other applicable regulation or legislation.
The GDPR imposes an obligation to assess the impact and risks of processing data to the physical person. In addition, you also have to evaluate what data is being processed and what threats may occur when processing it. This also leads to an assessment of what measures need to be taken to safeguard data while processing it.
Breach notification
GDPR imposes a totally new requirement. Companies are obliged to report to the supervisory authority the occurrence of a breach of personal data within 72 hours.
Data Protection Officer
The regulation puts an obligation to designate a Data Protection Officer. Both the collector and the processor are required to designate a data protection supervisor in the indicated cases (e.g. when processing involves regular and systematic monitoring of data subjects on a large scale). The duty of appointing a DPO may also be imposed by a national law.
In summary, the new legislation places heavy obligations on data subject consent, data anonymization/encryption and transparency, privacy by design and by default. The GDPR requires organizations which process EU citizens’ data to undertake major operational reforms in regards to several factors:
• Processing of personal data throughout their lifecycle, from collection to destruction
• Transferability
• Protection of all individuals’ rights
• Security (confidentiality, integrity, availability)
• Breach notification within 72 hours in case of violation
• Appointment of Data Protection Officer
Consequently, it is essential to engage with the experts who will not only ensure that you are compliant with GDPR but will also implement it in a way to turn the GDPR compliance into your competitive advantage, simultaneously imposing a minimum operational burden your organization.
Our services
We offer you to become GDPR compliant in a way that will make a business sense for your company and bring you closer to success.
Our services
We offer you to become GDPR compliant in a way that will make a business sense for your company and bring you closer to success.