GDPR Services

ABOUT GDPR

GDPR is EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data. The General Data Protection Regulation sets out the obligations of data subjects and of personal data controllers. The new Regulation entered into force on 5 May 2016 with a 2-year transitional period, and it is a directly applicable legislative instrument that applies automatically in all member states of the European Union from 25 May 2018. Non-compliance with the requirements of the Regulation entails huge fines, even up to 4% of turnover.

GDPR SERVICES

  • GAP ANALYSIS

Gap Analysis helps us identify a company's actual level of compliance with GDPR by determining the points that must be addressed for the company or organisation to comply with the Regulation. If a company is at the first stages of preparing for GDPR, a Gap Analysis is a very good way first to understand the procedure for implementing the Regulation in your enterprise, and then to carry out the necessary checks on the critical, high-risk or weakest areas of the procedures carried out by your information system, and therefore of your data processing.

 

  • ASSESSMENT AND COMPLIANCE PLAN

Following completion of data mapping and gap analysis, we proceed to the first assessment, based on the gaps or shortages that may arise. The design of the plan and the management of risks form the basis for achieving compliance as the next step, including a high-level scope. The objective is to create a plan that shapes the changes required to develop the policies and procedures needed for Data Governance.

  • POLICIES AND COMPLIANCE PROCEDURE

Following the application of the GDPR for the protection of data in the EU, Greek companies and organisations processing personal data of EU residents are trying to ensure their compliance with GDPR. Below is a summary of how any company or organisation can demonstrate its compliance with the Regulation through the services provided by ELIA:

 

  • Maintenance of up-to-date documentation of processing activities.
  • Appointment of a data protection officer (DPO), if necessary.
  • Implementation of measures for compliance with data protection principles by design.
  • Adoption of appropriate technical and organisational measures (policies and procedures) to demonstrate compliance.
  • Conduct of a data protection impact assessment (DPIA), where appropriate.
  • Proof of liability and documentation, as an integral part of the compliance work with the GDPR standard.
  • Development of policies and procedures for the proof of compliance with GDPR.

 

  • AWARENESS SEMINARS / DPO

The user cybersecurity awareness seminar aims to provide an introduction to cybersecurity issues and the way enterprises or organisations are affected. The seminar begins by examining the work environment of enterprises and presents major research on the methods used by hackers to gain access to targeted information systems in order to achieve their goals. The seminar is delivered at your premises, at our offices or through a dedicated distance-learning platform. Along with the awareness seminar, ELIA provides a special DPO seminar.

 

  • DATA PROTECTION OFFICER SERVICES

ELIA, as your contractor, provides DPO Outsourcing as a comprehensive service. The data protection officer is the intermediary link with the data protection authority (DPA), suggesting changes where a procedure or policy does not comply with GDPR law and harmonising the enterprise or organisation with the Greek data protection authority.

 

  • VULNERABILITY ASSESSMENT

A vulnerability assessment of the information systems can determine the next steps to be taken so that the enterprise or organisation is first safe and then compliant with GDPR.