For the GDPR to apply, you must have in your possession personal data of EU citizens (regardless of where your company or the relevant data are located). According to the GDPR, personal data include name, address, social security number (in Greece referred to as AMKA), health records, racial information, religious and political beliefs, and even relevant photos or other media.
1) Do you know where in your organization you hold Personal Data of EU citizens?
2) Do you know the specific persons and companies that process, maintain, store, transmit and/or analyze these data?
3) Does your company have policies, procedures and registries in a written format, approved by the relevant director regarding the following?
Servers, PCs and other hardware
Mobile and Smart Devices
Storage Media, etc.
4) Are personal data being processed in a legal, accurate and accountable manner following specific retention policies and security measures, as per GDPR?
5) Could you handle the following requests (and provide relevant proof to an auditor)?
Erase a person’s personal data from your data archives and systems
Prove that you have the consent of a person to process his/her data
Correct a person’s personal data wherever they may reside within your organization (even in the cloud)
Transfer a person’s personal data from one system or operating environment to another
Anonymize/pseudonymize a person’s personal data
Effectively notify one or more persons that their personal data have been exposed due to a breach of your systems
6) Has your company taken measures in order to comply with laws that currently apply, as far as the protection of Personal Data is concerned?
7) Has your company performed a Personal Data Protection impact analysis?
8) Has a Data Protection Officer been appointed?
9) Do the relevant C-level officers (incl. the CEO) take an active interest in Personal Data protection?
10) Are there written and approved policies and procedures in place regarding the international transmission of personal data, according to the GDPR?
11) Are there written and approved policies and procedures (incl. awareness, education and participation) regarding preparation for and conformance with the GDPR?
12) Are there written and approved policies, procedures regarding a Data Protection Impact Assessment, as defined by the GDPR, for systems, changes to systems, products and services?
13) Is there a business continuity plan regarding the company’s critical operations and data?
14) Is there a disaster recovery plan regarding critical applications, infrastructure and corporate or personal data?