The General Data Protection Regulation (GDPR) affects all organisations that process personal data (PII) of citizens of the European Union and will apply from May 27, 2018. It imposes on every organisation, big or small, as well as on both PII controllers who collect data and those who process the data, called PII processors, the setting up of adequate protection and compliance with the regulation and to prove, in the case of a complaint or violation, conformity with the requirements and the stated principles of protection. This can be achieved with a well-defined management system and proper documentation. Depending on the risks associated with the processing, it also imposes the appointment of a Data Protection Officer (DPO), a Data Protection Impact Assessment (DPIA) and the formal justification that sufficient measures have been taken to reduce the risk of disclosure, manipulation, or loss of data. These requirements are accompanied by the announcement of extremely severe, proportional but dissuasive, administrative penalties. This presentation explains the requirements on SMEs and gives guidance on how to address them.
Presented by Dr. Carlo Harpes for Jonk Handwierk at LaLux Auditorium in Leudelange.