
Data Protection Consulting

Into IT Computers, Inc.

Regulation EU 2016/679 (GDPR)

The GDPR is a European law that protects the rights and freedoms of European citizens with regard to the processing of personal data.


This law applies to any company worldwide that processes personal data of European citizens.

Article 3 Territorial scope

3. This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.

Considerations with GDPR planning

  1. Where is your data?
  2. How does your data flow within your organization?
  3. How is your data secured?
  4. What documentation needs to be maintained?
  5. Privacy by design (Article 25)
  6. Transparency (Article 12)
  7. Individuals' rights (Articles 15-22 & 34)
  8. GDPR requirements impact every level of operational practice

Helpful Links and information to consider

For a copy of the regulation, follow the link: http://eur-lex.europa.eu/eli/reg/2016/679/oj


Information Commissioner's Office - Guide to the General Data Protection Regulation (GDPR)

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/  


Some Definitions to understand

What is Personal Data

Personal Data is defined in Article 4 (1)

(1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;


What is Profiling

Article 4 (4)

(4) ‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;


What is Pseudonymisation

Article 4 (5)

(5) ‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;


What is Consent

Article 4 (11)

(11) ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;


What is Personal Data Breach

Article 4 (12)

(12) ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;


___________________________


Some Articles to be familiar with:


Chapter III

Rights of the data subject

Section 1

Transparency and modalities

Section 2

Information and access to personal data


Section 3

Rectification and erasure

Section 4

Right to object and automated individual decision-making


Chapter IV

Controller and processor

Section 2

Security of personal data


Section 3

Data protection impact assessment and prior consultation



Section 4

Data protection officer




Summary: This is a brief introduction to beginning your GDPR strategy, not a comprehensive look at the undertaking of becoming GDPR compliant. You will need to adopt a framework that covers your cyber security program along with the extra compliance requirements introduced by GDPR. You will need to work with a company specialized in GDPR compliance and data protection/cyber security that will bring your GDPR program together into a cohesive whole encompassing all core teams within your organization.

“CIT Data Protection Consulting” uses a combined framework and data protection controls to enhance and streamline your GDPR program. Our specialized consultants work with your teams to create specialized GDPR programs, train your teams and promote knowledge transfer in all areas of compliance. At program completion, we will be there every step of the way to provide assistance in any area where you require it. We are there for any questions you may have.

If you need training seminars, extra training for newly onboarded staff, speakers for user acceptance training, or an automated user acceptance video series, “CIT Data Protection Consulting” has everything you need. We are here to assist with all of your data protection/cyber security needs.


**  Watch For Our Training Schedules, GDPR Seminars, and Focused Training Videos **

For a clear definition of your company's GDPR obligation

Contact: Data Protection Consulting

817-291-5374