It is a certainty that we are heading steadily towards a potentially harmful data privacy trap for most companies. This trap could be sprung at any time, and for any purpose whatsoever, whenever certain interests dictate it.

Is such a statement plausible? Well, yes!

Let's do a brief historical analysis in order to conclude how this legal trap could be created and how it might work.

It is already two years since the entry into force of the now-famous Regulation generically known as "GDPR". Other similar pieces of legislation, such as the USA's California Consumer Privacy Act (CCPA), India's Personal Data Protection Bill (PDPB), Brazil's Lei Geral de Proteção de Dados (LGPD), etc., have become effective or will become effective in the near future. Under the circumstances, adaptation to the new principles and compliance obligations is stuck somewhere between misunderstanding, underestimation and the risk of choosing incomplete or limited compliance services.

The 25th of May 2018 was marked by fear of the unknown. Only a small part of the companies took steps towards compliance with the new Regulation. Strangely enough, in the period immediately following GDPR's entry into force, in the absence of a major and immediate impact, the business environment gradually became more and more relaxed on the subject. And this is actually an imminent danger: underestimation of the potential impact of the laws.

What happened, in a nutshell, in these two years? We propose a series of separate analyses: from the perspective of the companies, then of the data privacy compliance service providers, and finally from the perspective of the authorities.

Companies.

Most of the large companies have succeeded, more or less, and in various ways, in applying compliance procedures to the new data protection rules. Their financial power allowed them to undertake the specific procedures, but at considerable (and practically unjustified) costs, in order to adapt to the new legal obligations.

Small and medium-sized companies, however, although they initially expressed some interest in complying with the new laws, gradually became more and more ignorant.

During all this time, companies have been constantly "bombarded" with all kinds of data privacy compliance offers, with prices ranging from extremely expensive to very cheap. The "marketing" methods are extremely varied (and here you, or your company, have almost certainly already found yourself in at least one of these situations). Some "service providers" try to scare you in order to force your hand into urgently requesting their services. Others try to deceive you into believing that possessing a simple document puts you in a situation of compliance. Others send offers of a "free audit", an audit that invariably finds serious and grave issues with your company and recommends imperative and urgent compliance with the law through procedures that come, evidently, with very high costs, etc. One thing is for sure: almost all of the "service providers" promise "complete compliance with data privacy laws", but almost none of them actually deliver it.

This adds to the fact that most company managers live under the false impression that they don't actually need such services, that they know what data privacy compliance is, and that it's just another way for some to "legally steal" some money. But this will not exempt them from the payment of "stinging" penalties and fines.

Service providers.

The coming into force of the new data privacy laws led to the development of a market for specific services that were previously almost non-existent. The need for such services was quickly exploited and "filled" by all kinds of "specialized" service providers that are, in reality, more or less professionally prepared.

The offers of most service providers to date are nothing more than just a way to make "a quick and easy buck", and do not contain truly valuable benefits for companies.

Here are 3 methods of hoarding: the scaring method, the free audit method and the GDPR course method.

Due to an almost complete lack of specialists in the field, but especially of clear procedural rules for the application of the new data privacy laws, implementation is interpreted and applied in dozens of different ways, the vast majority of them wrong. Although, in reality, the basic rules of personal data protection are clear and concise, they have been either interpreted and applied incorrectly or intentionally altered, in order to justify a series of increased costs to the detriment of unsuspecting customers.

Authorities.

The decision-making bodies in this area are practically marking time. There is either no coherent information on future plans or an overly complicated methodology.

We are absolutely convinced that the lack of involvement of the authorities in clarifying some extremely important aspects regarding the procedures for the protection of personal data is not due to their incapacity, but is rather an intentional and strategic move.

It is very possible (almost certain) that in the future the authorities will initiate unexpected controls with extremely harsh and serious consequences for the business environment.

So all of this will change soon, and without any prior warning, and the biggest mistake that a company manager can make is to believe that the current "status quo" will not change, and that there will be no controls on their activity. Such a vision is extremely dangerous and will generate, in the near future, potentially harmful consequences.

Under the circumstances, it would be useful to try to identify a good practice guide for companies that really want to comply with the law.

Evidently, two fundamental questions arise.

The first one: are we obliged, as companies of any size, to comply with the new data privacy laws?

The answer is simple and clear: YES!!

The second one: how do we identify a professional service provider to ensure correct and complete compliance with the data privacy laws?

Well, identifying a good provider in this matter is simple if only one essential rule is respected: information. Information is power, and it helps us to avoid danger. One should always be clearly informed about what services are provided and, most importantly, how they are provided.

Let's clarify a few fundamentals that are misunderstood by the vast majority of company managers.

Every company working with personal data must truly ensure the security of their databases and fulfill all other legal obligations: anonymization, reporting, deletions, separate management, guaranteeing the legal rights of individuals regarding their own data, risk assessment, impact analysis, notification of security breaches, relationship with authorities, etc.

Online compliance does not mean full compliance. In certain cases, especially in the situation of medium and large companies, the legal obligations regarding personal data extend also to labor relations, to physical, direct commercial relations, to the organizational structure of the company, to the video surveillance mechanisms, and so on.

Compliance with data privacy laws does not imply only a single initial act or procedure.
The compliance activity is a continuous and permanently evolving act. And this necessarily implies the allocation of monthly costs for this specific activity. It remains, however, up to each company manager what costs they decide to allocate, and how, but it is also a matter of their ability to identify a good and professional service provider with the best cost-per-service ratio.

Well, are there any specialized service providers that provide data privacy compliance services on all the above-mentioned levels?

The answer is: yes and no! The market is full of service providers who provide compliance with data privacy laws, but almost none of them really succeed in providing the fundamental essence of the law: data security.

We have done our due diligence on market research, and a service provider that meets all the conditions we are looking for is gdpshield.com. Its services stand out for their simplicity, intuitiveness, and user-friendliness. They are suitable for any type of business, of any size, and the pricing is justified and honest.

Major advantages:

- creating a secure and encrypted database,

- automation, within a software solution, of all the subsequent legal obligations stipulated in the GDPR, CCPA, PDPB, LGPD, PIPEDA and other regulations,

- permanent and free technical and legal consulting services throughout the entire period of the collaboration,

- extremely competitive monthly subscription,

- a price/service ratio of excellent quality,

- no hidden costs.

You can access gdpshield.com, where you will find all the necessary information. What we find interesting is that, for any questions or doubts, the GDP Shield team of professionals is always available, without the need for any contractual relationship.

In conclusion.

Don't get fooled! Inform yourself!

We suggest you look seriously and professionally at data privacy legislation worldwide.

Take all the necessary measures with regard to your personal data protection activity.

 

© GDPShield.com All rights reserved