Implementation of the requirements of the General Data Protection Regulation (GDPR)
Implementation of GDPR requirements is mandatory for the following enterprises:
- enterprises that provide services and/or goods from the Republic of Moldova, or any other non-EU country for the European Economic Area ( EU Member States + Iceland, Liechtenstein and Norway)
- European Union enterprises operating in the Republic of Moldova or in other non-EU/EEA countries;
- Enterprises from the Republic of Moldova or from any other non-EU country that stores in the cloud on the EEA territory.
GDPR specific requirements:
- Regulatory Impact Assessment
- Prior consultation with the Supervisory Authority (DPA)
- Developing of security policy (internal Regulations) at the personal data processing over the filling systems managed by the enterprise (human resources, accounting, correspondence, video surveillance, access control, webpage, mobile applications etc.)
- Assessment and taking over the GDPR requirements, including the fulfillment of the control and compliance checks measures by the employees
- Training of employees and recruits on GDPR legal status
- Enterprise’ representation in relation to the Supervisory Authority, public and private agencies, and data subjects
Registration and authorization of enterprises at the National Center for Personal Data Protection
- Identification of filling systems and databases or registers to be registered within DPA
- Internal regulations (regulations, instructions, contracts, surveys) checks in terms of compliance with the personal data protection requirements
- Drafting and amendment of internal regulations in line with requirements in the field of personal data protection
- Submission of notifications to DPA and application for registration / authorization as a personal data controller
Fulfilling the tasks and responsibilities of the Data Protection Officer that relate to:
External auditn
- Identification of filling systems, databases, information registers that contain personal data
- Establishment of regulations, instructions, internal provisions and checking their compliance with the requirements in the field of personal data protection
- Issuing proposals and recommendations in order to comply with the legal regime for the protection of personal data
Endorcement
- Privacy by design – adaptation at the processing of personal data, from the moment of conception of information systems, databases, web site logs, cookies, applications, physical file/folder storage procedures, etc
- Privacy by default – continuous adaptation of compliance and security requirements to adjust fully at the processing of personal data
The activity of drafting and adapting internal documents
- Amendment of internal documents (instructions, regulations, orders, disposals, contracts, inquiries, etc.) in accordance with the requirements in the field of personal data protection
- Drafting regulations, instructions, orders, disposals, contracts, inquiries, information notes, confidentiality clauses in accordance with the requirements in the field of personal data protection
Representation
- Representation in relation to individuals (data subjects)
- In relation to law enforcement
Education
Training recruits and employees in the field of personal data protection and providing practical solutions and recommendations on personal data processing related on to specific cases
Checks
- Verifying compliance by internal staff with internal orders and provisions, including requirements in the field of personal data protection
- Performing simulation measures in order to ensure the requirements in the field of personal data protection
Consulting
- Providing support and generating solutions for individual cases by phone or e-mail or performing business visits at the beneficiary’s office.
Information
- Information via email or viber/skype/whatsApp/telegram/messenger on the latest trends and news from the field of personal data protection
- Informing about the amendments and completions of the current legal framework regulating the personal data protection