Eurotux Group advises clients on compliance with GDPR
The Eurotux Group has put together a set of activities in connection with the General Data Protection Regulation (GDPR) coming into effect. These include internal actions (raising awareness, defining and applying security policies and codes of conduct) as well as external events (raising awareness and presenting solutions) with hundreds of participants, contributing to a multi-faceted response to some of the underlying concerns of this Regulation.
The GDPR strengthens the protection of Personal Data for citizens of the European Union (EU), making all parties involved in handling this data responsible. To this end, companies should keep an internal record of the Personal Data they handle, indicating in particular the data’s purpose and the name of the person responsible for its processing. For each data handling process, a risk analysis should be carried out to evaluate the impact of any flaws. Failure to comply with these rules can incur considerable sanctions from the supervising entities or prompt lawsuits from groups of citizens who feel they’ve been harmed.
The Eurotux Group’s companies, due to the nature of the services they provide (hosting / housing of servers, systems administration services, backup data storage, implementation of applications), are eligible to be considered a co-responsible entity for the processing of data in the different situations regarding each of those services. To assume this responsibility, it’s necessary, in an initial phase, to have a specific view of the relevant parameters of the Personal Data that clients have stored, collected or processed (type of Personal Data, volume, generic processing operations, among others), within the scope of access they’ve decided to allow the Group’s companies.
The Data Protection Officer (DPO) is a key figure in this process, since it is the DPO who has the responsibility to validate compliance with the GDPR and to advise the person responsible for data processing. Large-scale companies and others that handle sensitive data are obliged by the new Regulation to designate a DPO, but it may be advisable to always do so, in order to assess the processes for GDPR compliance with full clarity.
An essential step in complying with the GDPR is keeping a clear record of all data processing activities. In this way, the Eurotux Group can gather information with its clients on the type of Personal Data they’re collecting, processing and/or storing on platforms, services and/or applications that the Group’s companies have access to, manage, or implement. It should also keep track of the approximate volume of data, as well as any special categories of Personal Data and the existence of any transmission of Personal Data outside of the EU. Collecting this information is essential to comply with the obligation of advising its clients, in order to help them put the demands of the GDPR into practice, namely regarding the risk assessments and notifications of data violations, so that clients can tend to their business without any extra worries.
If you’d like to learn more, don’t hesitate to get in touch with us.