New Development for ADAM Global Europe in the field of Data Protection:28 EU Countries IAPP’s certified Information Privacy Professional based in Brussels, EU Headquarters
The EU GDPR (General Data Protection Regulation) creates two tiers of maximum fines depending on whether the controller or processor committed any previous violations and the nature of violation. The higher fine threshold is 4 percent of undertakings worldwide annual turnover or 20 million euros, whichever is higher. The lower fine threshold fine is 2 percent of undertakings worldwide annual turnover or 10 million euros, whichever is higher.
Our Belgian member, M. Christophe Boeraeve, is pleased to inform that he just obtained the prestigious IAPP’s Information Privacy Professional/ Europe (CIPP/ E) Certificate. You may also find his complete LinkedIn Profile here
Since more than 10 years, the CIPP has been identified as the world’s prominent credential in the business of security. Since its introduction in 2004, the CIPP has elevated the careers of thousands of professionals working in privacy and data protection across the globe.
The IAPP’s Certified Information Privacy Professional/ Europe (CIPP/ E) credential brings an integrity measure to the field. More can be found on the official website.
For the first time, European and global professionals have a means of measuring and demonstrating their understanding of European data protection laws, concepts, criteria and obligations.
The new CIPP/ E certification proves a useful credential for all members that need to recommend Christophe for new EU data protection compliance, but also for all organisations seeking to provide further education for their own staff—from data protection and privacy officers, lawyers, HR and marketing managers to engineers developing new products and services.
It shows the world that our member knows privacy laws and regulations and how to apply them. Christophe gained and is ready to share a fundamental understanding of broad global concepts of privacy and data protection law and practice, including: jurisdictional laws, regulations and enforcement models; essential privacy concepts and principals; legal requirements for handling and transferring data and more.
The GENERAL DATA PROTECTION REGULATION applies not only to EU based companies but also to all worldwide companies that :
a) Offer good or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
b) Monitor of their behavior as far as their behavior takes place within the Union
c) Estimate the overall technical, organisational & legal assistance needs
Our member services offer is divided into 3 progressive categories (the 3rd being the most comprehensive)
For each category, we will co-answer these 5 questions with your clients so that we Co-
- Estimate the overall technical, organisational & legal assistance needs;
- Value the part of time devoted to the IT audit; &
- Define the time to allocate to the Legal audit; &
- Review the organisational resourcesthat will be needed; &
- Assess the number of days to be spent on the project.
This entry level GDPR assistance provides you with the basic exploration of whether your enterprise faces any of the 20 following challenges to meet your ACCOUNTABILITY obligations :
- The GDPR applies to your enterprise and its related entities in or outside of the EU
- Your non-EU entities need to appoint a representative
- Your entity has to abide with the obligations of a Processor and/or a Controller
- On which lawful basis does your company process personal data
- Consent is unambigous or explicity given by the data subjects
- What are the available alternatives to lawfully processing of personal data
- Your compan(ies) handle Sensitive Data
- Your group of undertakings enter into cross-border processing
- You resort to profiling
- Handling of personal date is transparent (or not)
- You enter into a qualified pseudonymisation or encryption process
- Binding corporate rules apply to your cross-borders transactions
- Your obligations vis-a-vis the appointment of a Data Protection Officer (“DPO”) are fulfilled
- Personal Data Treatment is – or is not – fair
- The purpose limitation requirement is compliant
- Data Minimisation is applied correctly
- Collected Data are accurate and where necessary, kept up to date
- Storage is limited to no longer than is necessary
- Appropriate Security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures is offered
- Data protection by design & by default processes are compliant.
The deliverables are :
- Spotting non-compliance issues; &
- Practical suggestions for compliance; &
- Standard legalized texts and documents.
We have developed over the years an original set of world-wide recognized Frameworks, Tools and Methods originated from IT and our law-firm and customized them to match the legal, organizational & technical company infrastructures of our clients. Senior expertise & clients co-constructed solutions are our answers to International Data Protection and its constant revolutions.
Pricing : TBD
We now embark on a journey to satisfy ALL GDPR mandatory related obligations with particular emphasizes on Child’s protection (if applicable), prevention & handling of data breaches, prevention of complaints from data subjects, relations with the supervisory authorities, codes of conduct & certification, collaboration with your DPO or interim DPO management.
The deliverables are :
- Resolving non-compliance issues; &
- Lawful processing of Special categories of data; &
- Attestation that the Rights of the data subject now are GDPR protected; &
- Tailor made wordings and documents; &
- DPO role handled with, or in place of, a DPO (interim management).
Pricing : TBD
The final destination, call it paradise, necessarily implies a Data Protection Impact Assessment (DPIA).This should in particular apply to large-scale processing operations which aim to process a considerable amount of personal data at regional, national or supranational level and which could affect a big number of data matter, which might result in a bigger risk, for instance, on case of their responsiveness, following with the received condition of technological understanding the modern technology which utilized on a big measure as well as to other progressing operations that outcomes in a big risk to the rights and independence of data matter, importantly where those processes render it challenging for data matter to practice their entitlement. A data security effect evaluation should also be built where personal data are organized for taking conclusion related to specific natural persons succeeding any systematic and exhaustive assessment of part related to natural people formed on outlining those data or following the managing of particular class of personal data, bio-metric data, or data on criminal convictions and offences or related security measures. A data protection impact assessment is equally required for monitoring publicly accessible areas on a large scale, especially when using optic-electronic devices or for any other operations where the ability of managing power esteems that the handling is more or less, to produce in a big chance to the prerogative and independence of data matter, specifically because they check data matter from use of a prerogative or utilizing a service or a contract, or because they are carried out systematically on a large scale.
The deliverables are:
- Compliance with approved codes of conducts; &
- A methodical explanation of the predicted handling of operations and the reason of the operations, including, wherever relevant, the genuine fascination followed by the controller; &
- An assessment of the necessity and proportionality of the processing operations in relation to the purposes; &
- An assessment of the risks to the rights and freedoms of data subjects referred to in item 2; &
- The measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation taking into account the rights and legitimate interests of data subjects and other persons concerned.
All 3 beams of JOY are based on the premise that GDPR compliance is an opportunity and no(t) (more) a threat. We mentally, legally, technically and organizationally shift from Checks and Controls to add up to Value Creation, Consumer Empowerment & Trust and Exploration if not Expedition, into the present & future of technologies.
You may thus count on our Belgian Partner for all Data Protection issues, including but not limited to the GDPR.