GDPR at a glance

Below is a typical situation: a European service provider outsources part of its activity to a contractor outside the EU. This contractor (it could be you) can itself hire subcontractors for specific tasks. Any user on European territory will provide consent for the use of personal data belonging to them. The consent is usually given through the General Terms of Use (GTU).

From this point on, any third party helping the main service provider to which users have given their consent has to comply with specific security standards, and has to state that it uses the data flowing through its systems solely for the purposes listed in the General Terms of Use.

Notion of accountability: we say that the EU service provider is accountable to the users and to the Data Protection Authority (in our example, the CNIL), and that it is accountable for the contractors it hires.

Risks of non-compliance

Fines from the European Union for non-compliant organizations can range from 10 to 20 million euros or from 2% to 4% of global turnover, depending on the infringement. That does not include the damage to the brand or the loss of trust from clients. Our services will help you understand what is at stake for your organization and take sensible action.

Overview of the compliance documents

The main documents one has to fill in to comply, as described above, are:

  • Record of processing activities 
  • Privacy impact assessment 
  • Record of violations