GDPR Consulting

Starting a process of adaptation and compliance with the GDPR is not only mandatory, but is also an opportunity for companies to improve their services and production processes.

ENIGMA analyses the existing methods of processing personal data and trains IT managers and operators according to the law, in order to define an implementation plan to comply with Regulation 2016/679.

  1. Company assessment with regard to regulations.
  2. Data Protection Impact Assessment (DPIA) to establish the risk of the treatment and the impacts on the interested parties, the owners and the controllers.
  3. Identification of risks. Risks related to the processing of personal data during company activities are identified and analyzed as an integral part of the process of adaptation to the GDPR.
  4. Solutions. Upgrading of hardware and software systems to equip and align the company security plan with the GDPR regulations.
  5. Training. Training courses for Executives and for Security Managers.


Development and editing of documents: editing of adaptation measures:

  • Owner, Data controller, Processing Manager;
  • Privacy by Design and Privacy by Default;
  • Business Continuity and Disaster Recovery Plans;
  • Cancellation systems;
  • Portability of personal data;
  • Data Breach management;
  • Implementation of IT security measures (IT and cyber security, encryption, standard software systems, minimization, pseudonymisation, anonymisation, etc.);
  • Advice to the Data Protection Officer (DPO).


Development and editing of documentary requirements:

  • Risk analysis;
  • Data protection impact assessment (DPIA);
  • Information;
  • Authorizations;
  • Functions;
  • Register of treatment activities;
  • Accesses;
  • Measures to address compliance;
  • IT technical solutions: security and IT infrastructures.


Implementation:

Selection and transfer of assessments, measures and documentary requirements:

After the existing methods and the risks associated with them have been evaluated, the ENIGMA team joins the management and the company stakeholders involved in the processing of personal data in the implementation process, up to full compliance with the GDPR.


Benefits and risks

Benefits from GDPR compliance:

  • To foster mitigation in Risk Management and Business Continuity;
  • To improve the policies, measures, skills and the corporate culture of cybersecurity;
  • To guarantee corporate reputation;
  • To approach the adoption of technological and IT process standards required by the most innovative and advanced suppliers and customers.


Risks and penalties resulting from the violation of personal data

A breach of personal data, if not addressed properly and in a timely manner, can result in:

  • Limitation of the rights of natural persons;
  • Loss of control of personal data, theft or identity usurpation;
  • Financial losses to the company;
  • Prejudice to reputation and corporate image;
  • Economic or social damage to the natural person concerned.


Failure to comply with the GDPR can lead to the following penalties for the company:

  • Significant fines (up to 4% of the company's turnover);
  • The limitation or prohibition by the supervisory authority of the processing of personal data, with the possibility of stopping the activities and the business of the company;
  • Financial losses to the company;
  • The obligation to pay compensation for material and/or immaterial damages to the person concerned who suffers damage, either by the data controller or by the controller.


Contact us for more information about GDPR compliance.