From May 2018, all Slovak Companies need to comply with the new EU General Data Protection Regulations (GDPR). This revised EU regulation addresses concerns we, as individuals, have about how companies use our personal data, however in doing so it brings significant challenges for those companies.
It can impact almost every part of your organization from HR to Sales to Finance as well as affect your Supply Chain and core IT systems. Companies have new responsibilities and new exposure to material fi nes and penalties if not compliant.
How we can help
Failure to comply with the requirements may lead to penalties of up to €20 million or 4% of worldwide annual turnover. The penalties will be imposed by the Slovak Data Protection Office.
- Identify, access and process all combined personal data held about an individual across the entire Company.
- Provide all combined personal data stored across the entire Company to the individual, if requested by them.
- Identify a data protection incident such as data leak, data loss, and inability to meet the request of an individual.
- Capture, assess and report data protection incidents within 3 days of becoming aware to the Data Protection Authority.
- Secure consent from all persons on which you hold and process personal data.
- Manage an individual’s request to provide and or erase data you hold on them.
- Have a Data Protection Offi cer appointed in your organization.
- Demonstrate there is a robust security process in place around personal data.
How we at KPMG can help you – a proven methodology
Scanning workshop
Goal: We moderate a workshop with representatives from those functions most likely to be affected (typically HR, Sales, Procurement, IT and Finance) where we highlight the key requirements of the new regulation and interact with your team to identify the key processes impacted.
Your output: Regulation applicability assessment and identifi cation of key processes impacted.
Analysis
Goal: We compare in detail the current status of your processes against the new rules and map personal data processing activities. We take into account internal processes, systems processing personal data, internal standards and procedures as well as other relevant documents
Your output: Gap assessment identifying the specifi c gaps between the current and required processes.
Future state design
Goal: We propose relevant measures needed to achieve compliance with the new rules, including changes to processes as well as defi ning new IT system requirements. We will defi ne priorities, assess complexity and draft implementation plans.
Your output: Implementation plans setting out specifi c changes required to process and IT systems, task responsibilities and project timing.
Implementation assistance
Goal: We support your internal managers to make changes to existing systems or integration of new systems into your existing architecture. We help with vendor selection and can project manage implementation activities.
Your output: Monitoring, facilitation and completion of assigned tasks in the implementation plan.
Ongoing maintenance and compliance testing
Goal: Assess impact of system changes to compliance. Assess impact of any regulatory changes or clarifi cations on processes
Your output: Gap assessment highlighting additional changes to be made. Compliance report which can be provided to the Supervisory authority.
Data Privacy Officer
Goal: Ensure compliance with legislation as regarding the specifi c role and responsibility of the Data Privacy Officer.
Your output: Provide a formal resource to act in this capacity either on a short- or long-term basis.
Contact us
Contact us directly to discuss if and how the regulation applies to you. Alternatively contact your existing KPMG Relationship Manager and she/he will coordinate a follow up with us.
