In May 2016, new privacy rules were adopted at European level via the "EU Data Protection Regulation 2016/679". After an implementation period of 2 years, these new rules have been activated as of May 25, 2018. In Europe the new privacy regulation is known under the name "General Data Protection Regulation (GDPR)".
It has become the responsibility of everyone to protect privacy and to ensure that personal information is always adequately protected against unauthorized processing.
The GDPR obliges organizations to take technical and organizational measures to ensure this privacy. These measures derive from rules for "rights of the data subject" and "obligations for the controller and processor". This applies to all private and public organizations that process personal data or to whom the processing is outsourced.
2-Control can carry out a privacy audit in which we issue an opinion in the form of an assurance statement. Organizations can use this for communication to third parties.
Complying with GDPR
GDPR implementation is an organization-specific process. To avoid a scattergun approach, it is important to take a targeted approach. You can do this by mapping out the current situation of your organization with regard to the General Data Protection Regulation by means of a GDPR Compliance Scan.
The 2-Control GDPR Compliance Scan gives you insight into the required level of compliance for your organization. Based on our findings and recommendations, you can use our scan as a baseline measurement or as a starting point for the implementation of GDPR in your organization.
In this document you can read how to become GDPR compliant and how 2-Control can support you in this.
Does the GDPR apply to you?
Unlike privacy laws in some other jurisdictions, GDPR applies to organizations of all sizes and all industries. In other words, there's a very good chance that you will have to comply with it.
The law applies to:
- a company or entity which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed; or
- a company established outside the EU offering goods/services or monitoring the behaviour of individuals in the EU.