Data protection/EU GDPR compliance
On 25 May 2018, the EU General Data Protection Regulation (GDPR) superseded all EU member states’ previous national data protection laws based on the 1995 Data Protection Directive (DPD). This includes the privacy law implemented on 8 December 1992 in Belgium (de Privacywet).
Non-compliant organisations face considerably greater penalties under the Regulation than under previous data protection laws – up to 4% of annual global turnover or €20 million. In addition, data subjects have the right to seek judicial remedies against data controllers and processors, as well as the right to obtain compensation for damages occurring as a result of GDPR breaches.
The Commissie voor de bescherming van de persoonlijke levenssfeer (now known as the Gegevensbeschermingsautoriteit) was thus reformed on 23 August 2017 by the Wetsontwerp tot oprichting van de Gegevensbeschermingsautoriteit to ensure it could properly exercise its new powers of enforcement.
If you’re undertaking a GDPR compliance project, IT Governance can provide everything you need.
Products and services
The GDPR states that data controllers must implement "appropriate technical and organisational measures to ensure and to be able to demonstrate that the processing is performed in accordance with this Regulation".
These measures must include the implementation of appropriate data protection policies, and controllers may use adherence to approved codes of conduct or management system certifications "as an element by which to demonstrate compliance with [their] obligations".
An ISO 27001–compliant ISMS (information security management system) should be the starting point for all organisations seeking to demonstrate that they have implemented these measures. We’ve been helping organisations implement ISO 27001 for over a decade, and have led more than 400 certifications to date. What’s more, we offer a 100% guarantee of successful certification.
Here are a few ways we can help meet your GDPR compliance needs.
The GDPR encourages the adoption of certification schemes as a means of demonstrating compliance. Our consultants have over a decade’s experience of information security management and data protection projects.
Follow the links below for more information about how our consultants can help you.
Regular penetration testing is the most effective way of demonstrating that exploitable vulnerabilities in your company’s Internet-facing applications and infrastructure have been identified, and allows you to apply appropriate mitigation.
Delivered by experienced data protection consultants, our GDPR training sessions are built on the foundations of our extensive practical experience advising on compliance with data privacy laws and related information security standards such as ISO 27001.
Certified EU GDPR Foundation
This one-day course provides a comprehensive introduction to the EU GDPR, and a practical understanding of the implications and legal requirements for UK and EU organisations of any size. Delegates who pass the included exam gain the EU GDPR F qualification from IBITGQ.
Certified EU GDPR Practitioner
This four-day advanced-level course covers the Regulation in depth, including implementation requirements, the necessary policies and processes, and important elements of effective data security management. Delegates who pass the included exam gain the EU GDPR P qualification from IBITGQ.
All of our training courses are available in classroom and Live Online formats.
Speak to a GDPR advisor
Please contact our GDPR team for advice and guidance on our products and services.