EU’s general data protection regulation (GDPR)

20 March 2017 | by Castrén & Snellman

Tags: Castrén & Snellman Finland Financial and corporate

GDPR Implementation Projects for Various Companies

We have advised several of our clients in preparing for the European Union’s General Data Protection Regulation (GDPR). These projects have varied in scope and duration, from compliance audits to identify the gap between the current level of compliance and the new data protection requirements set by the GDPR to more comprehensive GDPR implementation plans. We also provide ongoing support throughout the various steps of implementation.

All of these projects have been based on the client’s current level of knowledge of its data processing functions, personal data streams and level of data protection. They all result in the clients having the tools to implement the necessary changes. We support our clients in the implementation phase by reviewing and drafting documents and contracts, training their personnel and providing legal opinions on various operative and administrative issues relating to personal data processing and the GDPR’s requirements.

Starting point: low knowledge

When a client has lacked a good understanding of the current state of data protection within its organisation, we have started by conducting a compliance audit of the client’s current data processing functions.

The audit provides a more comprehensive understanding of what types of personal data is being processed and how compliant the processing is with current data protection legislation. We can then give the client concrete recommendations to reach the level of compliance required by the GDPR.

Starting point: high knowledge

No audit is necessary when a client already has a clear understanding of its data processing functions and personal data flows and also has some documentation describing it. In these cases we have started directly from mapping and listing the action points needed to implement the GDPR’s requirements.

Challenges

The challenge in GDPR implementation is to recognise the client’s most valuable and high-risk personal data streams. Our job is to find how to help the client reach compliance in the most effective and simple way possible.

Understanding both the client’s actual data processing functions and the new data protection obligations is the key to a functional, tangible and lean GDPR compliance plan. We want to help our clients to use data for business development and new purposes.

Results

Together with our clients we have successfully mapped out and completed efficient and straightforward GDPR compliance processes.

Our approach gives us an in-depth understanding of the client’s data processing functions, which allows us to act as a trusted advisor throughout the implementation of the GDPR requirements.

Having us as a strategic advisor for the top management has helped our clients understand the benefits that data processing activities bring to their businesses.

The GDPR will enter into force fully on 25 May 2018.
Both private and public sector actors will have to ensure that their processing of personal data is in compliance with the requirements of the new regulation and that they are able to demonstrate this.
The new regulation will improve the rights of the individual to control their personal data in various data filing systems.

EU’s general data protection regulation (GDPR)

20 March 2017 | by Castrén & Snellman

Related articles

Another busy and successful year for Castrén & Snellman’s capital markets team

Castrén & Snellman advised DNA Oyj in the largest Finnish IPO of the decade

Castrén & Snellman advises Intermediate Capital Group (ICG) in its acquisition of Esperi Care Group

Castrén & Snellman advises Wärtsilä in its acquisition of Eniram Group

Sakari Lukinmaa appointed Managing partner of Castrén & Snellman