This indicates that being a company (or organization), one must make sure that they are well aware of all the changes coming up and what do the changes mean to you.

  • Now there should be no area to be handled solely by just one person taking on the full responsibility. So, the complete support and engagement of Board and Senior Management Team is essential.
  • Keep in consideration all resources and procedural implications of setting up an effective and robust governance team (data) for any organization.
  • GDPR needs to be added into organization?s risk register as now corporate risk management incorporates both privacy as well as data security.


This feature is regarded as important so as to make sure that individuals have better control and have proper understanding of data processing methods to be employed. This provides a means of giving individual?s stronger rights on the basis of processing.

  • The consent to be obtained must be very specific, unambiguous, given freely and well informed.
  • There must exist an agreement indicating positive indication with data controllers having enough evidence to know that consent is already given.
  • There should also be consent from the parents so as to process children?s data on internet.


GDPR would have an effect from geographic and procedural stand-points with new and far areas.

  • Data processors would have to follow certain compliance obligations as they come under the GDPR scope.
  • Even organizations operating outside EU and having target market of EU citizens would have to comply with GDPR.
  • If someone has EU presence or in some way processes data of EU citizens, would have to nominate a representative in a particular member state.

Individual?s Rights

The rights of a individual would now be more enhanced and elaborate in important areas such as

  • Right to access the data (that is, subject access)
  • Right to make corrections in the data if presence of inaccuracies is identified
  • Right to remove the personal data once the purpose is achieved (that is, right to be forgotten)

Subject Access Requests

One must plan at the earliest to handle access requests as because GDPR tends to take into account a large volume of information that would come in the scope definition of data (personal).

  • Under most of the circumstances considered, no amount of fee should be charged
  • Within a period of 1 month, a response should be made available
  • On scenarios such as data retention periods and the rights to be made available so as to have data corrected, a bit more information needs to be given


Within GDPR, one of the keys facts is to empower the individuals by becoming transparent and also clear as to how their data would be processed and also by whom. At any point in time when personal data is collected, if it?s is from clients or staff or anyone else, it must be reviewed as to how the organization decides to give the following at time of data collection;

  • The purpose and the legal basis of processing
  • The recipients of data
  • Presence of third countries where data is transferred to and the safeguards in place

Privacy By Design, DPIAs

Even before the beginning of any kind of processing, GDPR puts more emphasis in creating effective protection (data) practices as well as safeguards.

  • Projects that incorporate data, protection for the same should be considered early
  • DPIA that is, ?Data Protection Impact Assessment? is considered as a best practice and most likely a mandate in circumstances like; decisions that would lead to legal effect, special type (or category) of data processing (example, health data) and monitoring of areas that are publicly accessible.

It must be made sure that such processes would be regular and properly documented. The compliance needs must change as well as evolve as in cases of processes and business models. So, reviews must be carried out regularly and must be managed as well as recorded proactively.

What, Where, Why, How

GDPR?s aspect of accountability refers to an in-depth understanding of one?s data processing. For any kind of effective strategy of data governance to start, it first begins with comprehensive audit of data. So, it must be made sure that one should have detailed as well as documented answers to the questions given below;

  • What personal data you carry? Do you carry any specific type (category) of data?
  • Where is the data from and where it is being sent?
  • Why is the data processed? What is the purpose?


There must exist a member from an organization?s staff with required multidisciplinary skills as well as approach who understands data protection compliance better. So, the role of DPO requires a hard core understanding of the organization?s operations with skill set that is way above legal compliance. It should incorporate strategy, IT, communication, data security, risk management, etc.

GDPR has also made it clear that this role must be senior as well as autonomous as they would represent the face of data protection for one?s organization that would include having to deal with the ?Data Subjects? and ?Data Protection Authority?.

Penalties and Data Breaches:

GDPR gives in to a stricter approach so as to impose significant amount of fines.

  • Any kind of data breaches should be informed to the Data Protection Authority of having discovered it and within 72 hours
  • The individuals who have been impacted must be informed about the areas where there is existence of higher risks to their own rights as well as freedoms (examples; identity theft, personal safety)

There can be issuance of fines which can be ?20 million or 4 percent of their global annual turnover.
There can be issuance of reprimands, or warnings, or bans and fines by the Data Protection Authority.


This indicates that being a company (or organization), one must make sure that they are well aware of all the changes coming up and what do the changes mean to you.

Read more


In order to start with the process of being GDPR compliant, there must be a sense of urgency which comes down from the top management. In order to prioritize any kind of cyber preparedness, there must be the involvement of an executive leadership. Being compliant with the global hygiene standards in relation to data can be considered as a part of that preparedness.

Read more


This indicates that being a company (or organization), one must make sure that they are well aware of all the changes coming up and what do the changes mean to you.

Read more


When is GDPR coming into effect? The EU parliament approved as well as adopted GDPR as of April, 2016.

Read more


Read more

What Our Customers Say?

Valency Networks is a very techie company, focusing on a continuous improvement in service quality. Our customers like us exactly for that and that helps us keep our quality to the best extent.