GDPR | The General Data Protection Regulation

To learn more about our services, leave your contact information here, and we will get back to you, or call 03-9450630.

What is GDPR?

GDPR is the European Union’s privacy protection regulation, which came into force on May 25, 2018. It was designed to enhance the security measures for protecting EU residents’ personal data collected by businesses and other organizations.

Failure to comply with this regulation could have dire consequences, including millions of euros in fines and European bodies refusing to work with you.

Hermeticon is a leader in regulatory and statutory compliance. Working with us means having experts well-versed in the technical, organizational, and legal aspects of information security at your service, ready to meet your organization’s unique needs.

In addition, with our CISO as a service offering, you can get a unique solution tailored to your needs, resources, and field of business.

What counts as personal data?

The GDPR defines personal data as any information related to an identified or identifiable natural person. This can include names, identification numbers, web browser history, genetic information, emails, digital credentials, and more. The regulation and its accompanying documents expand on this definition further.

Who is required to comply?

The regulation applies to all data controllers and data processors based in the EU.

A data controller is anyone who orders data collection and processing, usually for business purposes.

The data processor is the party that collects, processes, and stores data for the data controller.

The GDPR requirements can apply to businesses outside the EU if they store personal data that identifies EU residents (who sell products or services) and/or if they use websites or applications to track European consumers’ behavior.

Businesses based outside the EU but still required to comply with the regulation must appoint an EU-based DPR and give them power of attorney to represent them in dealings with the regulators.

GDPR compliance is not required in the following cases:

• The data is for personal use.
• The data is used for investigation and crime prevention purposes.
• The data is used for national security purposes.

Businesses outside the EU that collect and process personal data that identifies EU residents must appoint an EU-based DPR and give them power of attorney to represent them in dealings with European privacy protection regulators.

What are the rights of EU residents whose data is stored with your organization in accordance with the regulation?

• The organization has to be able to provide data subjects (the individuals whose data the organization has collected) with a copy of their data in a timely and accessible manner.
• The organization has to inform EU residents that it is collecting data from them and explain which data is being collected.
• If the data is incorrect or outdated, the organization must update it and inform any relevant third parties.
• If some of the data in the organization’s database are no longer relevant, or if the person it belongs to withdraws their consent, the organization has to delete the data.

How does the GDPR affect Israel?

The regulation applies to everyone who uses EU residents’ data, including Israeli organizations.

The regulation also states that all database owners must ensure that anyone to whom they transfer data complies with the regulation.

When the data controller (the database owner) signs a contract with a third party that processes data for them (a data processor), that contract has to include GDPR requirements for the data processor to comply with. The standard document for these types of contracts is called a data processing agreement (DPA).

How can I ensure my organization complies with this regulation?

To secure your data and get your organization GDPR-ready, the best thing to do is seek expert help.

Our experienced consultants will assess your organization’s needs and know exactly how to get you to where you need to be in terms of compliance.

The first step is to map your organization and its technology and assess it for vulnerabilities and compliance gaps. Next, Hermeticon’s experts will craft a detailed work plan, addressing every aspect of the process: legal, organizational, and technological.

Once we figure out the exact steps we need to take, we will:

• Prepare the legal paperwork, including a DPA
• Implement controls
• Write and implement procedures
• Assess supplier work processes
• Assess your IT infrastructure
• Train your workforce and more

Why choose Hermeticon? We’re glad you asked!

Hermeticon’s bespoke personal service means we can give you precisely what you need—no more, no less.

Working with us, you will receive best-in-class professional support. The team we will assign to your project will include a regulatory compliance consultant with proven information security expertise, a legal advisor, and a project manager whose job is to make sure the project is on schedule and to keep you happy!

A carefully crafted work plan is critical! A neat and detailed work plan is a great way to impress the regulator (though, of course, following the project is important too). Luckily for you, work plans are one of our specialties!