EU GDPR
General Data Protection Regulation
The General Data Protection Regulation (GDPR) is the European Union's (EU) comprehensive data privacy law that took effect in May 2018.
It aims to protect the personal data and privacy of individuals within the EU and the European Economic Area (EEA). GDPR imposes strict requirements on organisations regarding how they collect, process, store, and share personal data, providing data subjects with greater control over their information.
Key Components of EU GDPR
- Lawful Processing: Personal data must be processed based on one of six lawful bases: consent, contractual necessity, legal obligation, vital interests, public task, or legitimate interests.
- Rights of Data Subjects: GDPR provides individuals with specific rights, including the right to access their personal data, the right to rectification, the right to erasure (also known as the “right to be forgotten”), and the right to data portability.
- Accountability and Transparency: Organisations must demonstrate compliance by maintaining detailed records of data processing activities and by being transparent about how personal data is used.
- Data Protection by Design and by Default: Organisations are required to incorporate data protection principles into all new processing activities and systems from the outset.
- Data Breach Notification: GDPR mandates the reporting of certain types of data breaches to data protection authorities within 72 hours of becoming aware of the breach and, in some cases, to the affected individuals.
- Appointment of Data Protection Officer (DPO): Certain organisations are required to appoint a DPO to ensure compliance with GDPR, particularly those that engage in large-scale processing of personal or sensitive data.
TotalCert Consulting’s Services for GDPR Compliance
GDPR Gap Assessment and Risk Analysis
- Gap Analysis: We begin by conducting a comprehensive gap analysis to assess your organisation’s current data protection practices against GDPR requirements.
- Risk Analysis: We identify and evaluate data processing risks to establish risk mitigation measures and prioritise areas requiring attention.
Data Mapping and Documentation
- Data Mapping: We assist in identifying where and how personal data is collected, processed, stored, and shared across your organisation.
- Documentation: We develop the required GDPR-compliant documentation, including a Data Processing Register, Data Protection Impact Assessments (DPIAs), and privacy notices.
Policy and Procedure Development
- We help create GDPR-compliant privacy policies, data processing agreements, data retention schedules, and consent management procedures.
- We guide you through setting up data subject request handling processes to effectively manage requests such as access, erasure, or correction.
Implementation of Data Protection Measures
- Technical and Organisational Measures: We assist with implementing necessary technical controls (such as encryption and pseudonymisation) and organisational measures (such as access controls and employee training) to protect personal data.
- We help your organisation implement Data Protection by Design and by Default practices to ensure that privacy principles are integrated into every system and process from the outset.
Employee Training and Awareness
- Awareness Training: We provide training programs to ensure that employees understand GDPR and their responsibilities in handling personal data securely.
Data Breach Management
- We support your organisation in developing and implementing a Data Breach Response Plan to handle data breaches efficiently, including breach identification, containment, and notification requirements.
- We help ensure that your organisation complies with GDPR’s 72-hour breach reporting timeline, minimising the potential impact of a data breach.
Appointing and Supporting Data Protection Officers (DPO)
- For organisations required to appoint a DPO, we assist in DPO selection and onboarding.
- If you do not have a DPO, we offer DPO-as-a-Service to fulfil the responsibilities of overseeing GDPR compliance.
Third-Party Audit and Compliance Reporting
- We conduct internal GDPR audits to verify compliance and identify areas for improvement.
- Our team assists with the preparation of compliance reports and supports your organisation during third-party audits or regulatory inquiries.
Project Timeline
The timeline for GDPR compliance depends on the complexity of your data processing activities, organisational structure, and existing privacy practices. Typically, three to six months are required for most companies to become fully compliant, but the process may take longer for large organisations with extensive data processing activities.
Ready to Start Your EU GDPR Journey?
Expertise in Data Privacy
Our consultants have significant experience helping organisations navigate complex data privacy regulations like GDPR, POPIA, and other global standards.
Tailored Solutions
We provide personalised services that are designed to meet the specific privacy requirements of your business and industry.
Global Certification Partners
We collaborate with globally recognised certification bodies accredited under the IAF to validate your compliance practices, ensuring adherence to internationally accepted standards.