Compliance with GDPR/LPD is a non-negotiable obligation. ITAKA SA is the ideal partner to guide your company through the compliance journey, ensuring security, efficiency, and protection of personal data.
The importance of personal data in modern society was established in 2016 when the EU introduced the General Data Protection Regulation (GDPR) (Regulation 2016/679), which came into force in 2018. Many countries followed the EU’s example, enacting similar laws, including Switzerland, which introduced its new Federal Act on Data Protection (LPD) in 2020.
What is GDPR/LPD?
Both GDPR and LPD establish a framework of rules and principles that companies must adhere to, ensuring the protection of personal data and transparency in its use within their respective jurisdictions.
What do GDPR and LPD entail?
Both GDPR and LPD introduce a new approach to handling and storing personal data compared to previous legislation. Key requirements include:
- Data Protection Impact Assessments: Companies must conduct Data Protection Impact Assessments (DPIAs) to identify and mitigate the risks that arise from processing personal data.
- Transparency: Users must be informed about how their data is processed.
- Data Minimization: Only the necessary data should be collected.
- Purpose Limitation: Data should only be used for the stated purposes.
- Privacy Policies: Privacy policies must be drafted or updated to explain to data subjects how their data is handled.
- Consent and Data Subject Rights: Consent must be explicit, informed, and revocable at any time. Procedures must be in place to manage data subject rights.
- Data Breach Management: A data breach management plan must be in place, including notification to supervisory authorities.
- Staff Training: Staff must be trained on GDPR principles and company policies.
- Documentation: Documentation of compliance activities must be maintained, including records of procedures, policies, and measures implemented.
How can ITAKA SA help your company with GDPR/LPD compliance?
Certifying your company to the ISO 27001 standard covers a large part of the requirements needed to comply with GDPR/LPD.
ISO 27001, focused on information security management, shares many elements with GDPR/LPD, including risk management, network and system protection, and incident reporting. However, to fully comply with NIS 2, additional specific aspects of the directive must be addressed.
ITAKA SA guides you through this process, offering targeted consulting services to complete your GDPR/LPD compliance. Here’s how we can help:
- Gap Analysis: We conduct a thorough assessment of your approach to personal data processing (data mapping and risk analysis), identifying areas requiring further action to ensure GDPR/LPD compliance.
- Data Protection Officer (DPO) Appointment: We will determine whether your organization is required to appoint a Data Protection Officer (DPO).
- Data Processing Procedures: We will verify that consent for data processing is obtained in compliance with the regulations, that all procedures needed to guarantee GDPR/LPD data subject rights are in place, and that internal policies are updated to reflect GDPR/LPD requirements and document every compliance procedure.
- Security Measures: We will implement appropriate technical and organizational measures to ensure data security.
- Ongoing Monitoring and Updates: We will implement a continuous monitoring and updating approach to ensure ongoing GDPR/LPD compliance, including regular audits and assessments, and regularly updating policies, security procedures, and processing procedures to maintain effectiveness.
Conclusion
GDPR/LPD compliance is a mandatory requirement that cannot be ignored. ITAKA SA is the ideal partner to guide your company towards compliance, ensuring security, efficiency, and protection of personal data.
ITAKA SA works to achieve tangible results that allow our clients to live their personal and professional lives with peace of mind.