General Data Protection Regulation

From May 2018, stricter regulations will come into force concerning data protection, with the aim of giving people greater control over their personal data while ensuring the free flow of personal data between European Union Member States.

 

Challenges facing Data Protection Regulation

  • to ensure individuals are clearly informed about the data collected on them
  • to ensure individuals’ explicit consent is obtained, especially when it comes to processing data relating to children
  • to assure portability of data for individuals
  • to ensure all individuals affected are informed in the event of data leakage
  • to grant all individuals the right to be forgotten should they so request
  • to ensure individuals are informed about automated profiling and afforded the opportunity to disprove the results of such profiling
  • to afford individuals the opportunity to unsubscribe from direct marketing campaigns
  • to introduce the strongest possible security measures with respect to special personal data
  • to ensure legal agreements are concluded concerning data transfer outside the EU

ADAPTO methodology which supports GDPR

  • Business Impact Analysis / Privacy Impact Assessment
  • personal and special categories of personal data assets
  • data infrastructure (process – data – application)
  • purpose, lawful basis and retention period of data processing
  • data controller and data processor
  • purpose limitation (data protection audit)
  • data sharing audit
  • tracking data protection activities
  • risk analysis and treatment (CRAMM)
  • accepted risks and risk treatment plans