Denemax Consulting offers a Global Consulting Service, providing solutions to both legal deficiencies and those that may affect you on a technical and organisational level. By taking such a comprehensive approach to your protection, we guarantee a coherent implementation of all necessary measures.
We offer you a free preliminary analysis of your compliance with the GDPR and the LOPDGDD and of the personalised involvement your company requires, together with an assessment report and a detailed procedure of the steps to be taken to adapt to both laws according to the type of company and the needs detected.
Our Legal Department carries out the following operations with the aim of adapting your company to the current regulations on Data Protection.
ADAPTATION TO THE GENERAL DATA PROTECTION REGULATION
On 25 May 2018, the General Data Protection Regulation (EU) 2016/679 (hereinafter GDPR) came into force. The GDPR is a step forward for the control and protection of citizens’ personal data as it is a fundamental right, establishing a data protection regime directly applicable to all EU states.
All companies must adapt to the GDPR approved by the European Parliament, which harmonises the obligations of companies in terms of data protection and the right to privacy of individuals.
At Denemax Consulting we offer a comprehensive solution for adaptation to the GDPR: a service tailored to the needs of each client, with analysis and diagnosis of the situation of the company in this area and evaluation of the risks of possible breaches, and therefore the maximum guarantee of a true adaptation.
With comprehensive quality advice and after a prior study of your activity, we will document procedures, clauses and contracts; locate the habits and methods used that may give rise to risk situations; and, fundamentally, define the Data Protection Policy that should prevail in your activity, including the protective measures that will help to avoid any incident.
The GDPR proposes a substantial change in the approach to data protection: this change of approach stems from the greater self-government that the GDPR grants individuals over their own personal information and this implies a very important change in the way of informing and obtaining consent that is imposed on data controllers.
The GDPR is more demanding with respect to companies, entities and professionals, as it not only obliges them to establish more conscious and diligent measures necessary to ensure the proper processing of the personal data they hold and manage, but also urges them to demonstrate that they are doing so.
Denemax Consulting offers a Global Consultancy service, providing solutions to both legal deficiencies and those that may affect you on a technical and organisational level. Taking such a comprehensive approach to your protection ensures a consistent implementation of all necessary measures, privacy by design and by default.
In addition to the legal requirements set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data, which imposes obligations on all those who process personal data, Law 34/2002 on Information Society Services and Electronic Commerce also sets requirements that call for preventive and corrective advice on websites, E-Commerce platforms, etc., which Denemax Consulting includes in its consulting services.
IMPACT ASSESSMENTS
The new European Data Protection Regulation establishes a new obligation for data controllers to carry out a Privacy Impact Assessment (PIA).
Where a type of processing, in particular where it uses new technologies, is likely, by its nature, scope, context or purposes, to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to processing, carry out an assessment of the impact of the processing operations on the protection of personal data.
A Personal Data Protection Impact Assessment (PPRIA) is an exercise of analysing the risks that a given information system, product or service may entail for the fundamental right to data protection of data subjects and, following that analysis, effectively managing the risks to be eliminated or mitigated by adopting a series of security measures.
Impact assessments fall within the scope of preventive measures or actions, since it is an assessment process that must be carried out before starting personal data processing operations; in this sense, it connects with the concept of privacy by design, which in the GDPR is identified as «data protection by design». This means that, both when defining the different processing operations and when determining and applying the means to be used to process personal data, the principles, rights and obligations set out in the regulations applicable to the processing operations to be carried out must be taken into account.
Notwithstanding the previous paragraph, there is no obstacle to consider a PIA for existing processing operations. In fact, the impact assessment should be carried out using a method that allows it to be repeated, since in certain circumstances it will have to be revised and updated.
It is worth bearing in mind that a PIA is a very useful instrument in relation to the principle of proactive accountability, since it facilitates not only compliance with the standard, but also the ability to demonstrate it. Denemax Consulting includes this as part of its consultancy services.
Sanctions under the New European Data Protection Regulation:
The GDPR imposes very severe fines on organisations. At the same time it establishes a dual system for setting the amount of the fine.
Fines may be:
– Up to EUR 10 million or, for companies, 2% of total annual turnover.
Cases: failure to adopt security measures or, for example, failure to appoint the Data Protection Officer where applicable.
– Up to EUR 20 million or, for companies, 4% of total annual turnover.
Cases: infringement of the rights of data subjects, as well as non-compliance with basic principles of processing, etc.
The more burdensome option shall always prevail. If 20 million is less than the fine resulting from applying 4% of the total annual turnover, the second system will be chosen.
Our Data Protection Consultancy also handles the defence in disciplinary proceedings before the AEPD, as well as before the Contentious-Administrative Jurisdiction.
GLOBAL GDPR CONSULTANCY
Denemax Consulting offers a Global Consultancy service, providing solutions to both legal deficiencies and those that may affect you on a technical and organisational level. Approaching your protection in such a comprehensive way guarantees you a coherent implementation of all the necessary measures, privacy by design and by default.
The Consultancy Service comprises:
Analysis of the current situation and detection of relevant breaches of data protection.
Risk analysis and impact assessment.
Drafting of contracts, clauses and forms necessary for the collection and processing of personal data.
Preparation of the Security Document on the basis of the requirements of the Security Measures Regulation.
Issuance of a Legal Opinion on the level of compliance and proposal of corrective measures.
Assuming DPO/DPD functions
Preparation of reports on specific legal consultations.
Ongoing monitoring and counselling actions.
Training and awareness-raising of the organisation’s staff, information protocols of the processes implemented. Drafting of manuals for internal use.
Legal assistance before the Spanish Data Protection Agency and appeals in the Contentious-Administrative jurisdiction.
Implementation of technical and organisational obligations to ensure the security of all data processing, whether automated or not, as well as the organisation’s information systems.
APPLY YOUR DATA PROTECTION
With Denemax Consulting