GDPR (General Data Protection Regulation) enters into force on 25.5.2018. The new regulation concerning GDPR applies to all entities working with personal data, therefore, it is necessary to have personal data protection in line with the GPDR regulation. This means preparing security documentation, taking personal, organizational and technical measures and implementing them into business processes.

What GDPR brings:

  • New definition of personal data - it is any information that identifies a particular person, e.g. name and surname, address, date of birth, birth number, biometric data, facial images, fingerprints, signature, phone number, sufficiently specified email address, but also IP address or cook
  • The organization must provide a clear demonstrable consent to the processing of personal data for each purpose of processing personal data
  • Need to have a processed risk analysis for all software that contains personal data
  • Any violation of personal data protection must be reported to the Office for Personal Data Protection no later than 72 hours from the discovery of this fact and every case of personal data breach must be duly documented, including the measures taken
  • Introduction of the principle “minimisation of personal data processing” - data should not be processed longer than necessary and are to be processed only for the purpose for which consent has been given
  • Introduction of new rights for the persons concerned: right of access by the data subject, right to rectification, right of erasure (“right to be forgotten”), right to restriction of processing, right to data portability, right to object,
  • Fines up to EUR 20 million or 4% of global annual turnover

What can Octigon do for you:

  • Provide consultations to verify the extent to which GDPR concerns you
  • Process analysis to identify weaknesses in IT systems, processes in the company, identification of deficiencies at individual levels of the organization and in individual processes
  • Prepare an implementation plan - based on legal analysis and risk analysis. The implementation plan will contain an accurate list of deficiencies that are not in line with the GDPR and a proposed solution to tackle them
  • Ensure implementation supervision and security testing
  • Provide DPO (data protection officer) who will be responsible for protection of personal data within your company

Contact: Lucia Lanáková, mail:, tel: +421 948 271 757