R. Amélia Rey Colaço, 40, Carnaxide, Portugal hexonio@hexonio.com +351 211 542 606

General Data Protection Regulation


The new 2016/679 regulation on the protection of personal data, starting 25th May 2018, defines the rights and obligations regarding the gathering, processing and movement of EU citizens' personal data.
Usually known by its initials, GDPR, the General Data Protection Regulation is a directly applicable regulation that aims to provide a high and coherent level of protection, equivalent in all member states, and extending to organizations outside the EU that work with EU citizens' personal data.

Hexónio GDPR

GDPR Challenges

With globalization happening as fast as ever, personal data gathering has seen a significant increase and has become a critical part of an organization's activity, whether in a marketing and sales context through a CRM, in the simple archiving of personal data for later use, or in the transfer of data to a third party, including to locations outside the EU.

Overview
Evaluation
  • Analysis of the current status
  • Data flow mapping
  • Analysis of personal data related processes
  • Identification of security risks in personal data
Recommendations
  • Documentation of necessary recommendations for regulation compliance
  • Proposals for personal data security risks
  • Process changes for regulation compliance
Reporting
  • Risk analysis report
  • Legal file compilation
  • Evaluation report
Compliance
  • Validation of the proposed recommendations
  • Support for the recommendations implementation
  • Coaching of the recommendations implementation

In an organizational context, personal data about workers, clients and suppliers is covered by the regulation, with special consideration given to sensitive data, such as medical and biometric information, and children's data.

This creates a new challenge for organizations, since they now have the responsibility to manage personal data in a much more responsible way in order to guarantee GDPR compliance.

GDPR compliance solutions

The defined rules have legal, functional and technological implications with a direct impact on the way the organization gathers and processes personal data.

In order to be compliant with the GDPR, an organization has to comply with the regulation's rules when it comes to personal data processing. Thus, an organization needs to know what is going on with the personal data, namely:

  • what personal data exists;
  • how it was obtained;
  • where it is;
  • how it is accessed;
  • who has access to it;
  • what is done with it;
  • how it is deleted.

This assessment forces the organization to take action and correct the processes that involve personal data processing in order to achieve GDPR compliance.

DPO solutions

The defined rules have legal, functional and technological implications; they even define a new accountable figure, the Data Protection Officer (DPO).

The DPO is the organization's top person responsible for the control of personal data activities and is the point of contact for communication with the supervisory authority.

To simplify the DPO's daily work, we have a software solution, DPOAgenda.

It is with great pleasure that we now belong to APDPO (Associação dos Profissionais de Proteção e Segurança de Dados), a member of EFDPO.

APDPO

Hexónio understands the GDPR

Hexónio Consulting, with legal support and consultants certified in this regulation, offers organizational analysis services with the goal of identifying the corporate processes whose features require adaptation to comply with GDPR.

To simplify the DPO's daily work, here is the SaaS solution DPO Agenda.

Don't be late! Stay in compliance with GDPR. Contact us and check out DPO Agenda.

Read our articles about GDPR