I-Teco: The comprehensive program of consulting on GDPR

The comprehensive program of consulting on GDPR from department of information security of I-Teco is designed to help clients to minimize the risks connected with checks of regulators and to bring processing and personal data protection into accord with requirements of regulations of GDPR.

2019: Development of the program

On April 10, 2019 the I-Teco company announced development of the program of consulting for GDPR. The specialists working according to this program underwent professional certification.

As you know, since May, 2018 the countries of the European Union live on the updated regulations of personal data processing of GDPR which also the Russian companies performing personal data processing in the EU should observe. For violations solid penalties are provided.

The department of information security of I-Teco developed the special program of consulting for GDPR which will allow clients to minimize the risks connected with checks of regulators and to bring processing and personal data protection into accord with relevant requirements.

The specialists of department of information security working according to this program have all necessary competences and knowledge. In 2019 several employees underwent special professional certification on data protection on the GDPR standard. Among them — Igor Zheleznyak, the head of department of consulting of department of information security of I-Teco.

According to order of the Russian President, the permanent representative of Russia at the Council of Europe on behalf of Russia signed on October 10, 2018 in Strasbourg the SDSE No. 223 Protocol on changes in the European Convention on protection of individuals at automated personal data processing No. 108 making significant changes to the Convention including regarding harmonization of its many provisions with regulations of GDPR. Actually it means that Russia undertook obligations for introduction of amendments to the national legislation, necessary for implementation and effective use of above-mentioned changes of provisions of the Convention — Igor Zheleznyak explained.

According to the expert of I-Teco Igor Zheleznyak, in the next years emergence of legal mechanisms of GDPR in the national legislation of the Russian Federation in the field of the organization of processing and personal data protection is expected.

The comprehensive program of consulting on GDPR from department of information security of I-Teco includes the following key events:

• carrying out inspection of processing of PD and formation of the register of processings of PD;
• detection of discrepancies to requirements of GDPR within processing of PD in the company of the Customer and development of recommendations about reduction in compliance;
• identification of controllers and processors, development of documentation for formalization of the relations between controllers and processors (Data process agreement);
• carrying out estimates of legitimate interest of the Customer regarding processing of PD (for cases when legitimate interest is the basis for processing of PD);
• development of forms of soglasiya on processing of PD taking into account requirements of regulations;
• development of Privacy policy for the company and Privacy notes for employees;
• development of Standard contractual conditions (Standard contractual clauses) for fulfillment of requirements of GDPR at cross-border transfer of PD;
• development of the local regulation of the Customer about the organization of processing of PD including the description of sale of other GDPR mechanisms.

Also consulting on GDPR includes evaluating risks for subjects of these (Data protection impact assessment) and plan development of processing of risks and also evaluating fulfillment of requirements to protection of PD at design (Privacy by design) and protection of PD by default (Privacy by default), development of recommendations about accomplishment of these requirements.