From May 2018, all Slovak Companies need to comply with the new EU General Data Protection Regulations (GDPR). This revised EU regulation addresses concerns we, as individuals, have about how companies use our personal data, however in doing so it brings significant challenges for those companies.

It can impact almost every part of your organization from HR to Sales to Finance as well as affect your Supply Chain and core IT systems. Companies have new responsibilities and new exposure to material fi nes and penalties if not compliant.

How can we help you

At KPMG, our team is focused on supporting companies to create effective and effi cient compliance. I would be delighted to meet you to share our topic insights to date, explore the challenges you face and jointly develop practical and timely solutions.

Goal:

We moderate a workshop with representatives from those functions most likely to be affected (typically HR, Sales, Procurement, IT and Finance) where we highlight the key requirements of the new regulation and interact with your team to identify the key processes impacted.

Your output:

Regulation applicability assessment and identifi cation of key processes impacted.

Goal:

We compare in detail the current status of your processes against the new rules and map personal data processing activities. We take into account internal processes, systems processing personal data, internal standards and procedures as well as other relevant documents

Your output:

Gap assessment identifying the specifi c gaps between the current and required processes.

Goal:

We propose relevant measures needed to achieve compliance with the new rules, including changes to processes as well as defi ning new IT system requirements. We will defi ne priorities, assess complexity and draft implementation plans.

Your output:

Implementation plans setting out specifi c changes required to process and IT systems, task responsibilities and project timing.

Goal:

We support your internal managers to make changes to existing systems or integration of new systems into your existing architecture. We help with vendor selection and can project manage implementation activities.

Your output:

Monitoring, facilitation and completion of assigned tasks in the implementation plan.

Goal:

Assess impact of system changes to compliance. Assess impact of any regulatory changes or clarifi cations on processes

Your output:

Gap assessment highlighting additional changes to be made. Compliance report which can be provided to the Supervisory authority.

Goal:

Ensure compliance with legislation as regarding the specifi c role and responsibility of the Data Privacy Officer.

Your output:

Provide a formal resource to act in this capacity either on a short- or long-term basis.

To comply, a Company will need processes in place to:
What happens if we don’t comply?

Identify, access and process all combined personal data held about an individual across the entire Company.
Provide all combined personal data stored across the entire Company to the individual, if requested by them.
Identify a data protection incident such as data leak, data loss, and inability to meet the request of an individual.
Capture, assess and report data protection incidents within 3 days of becoming aware to the Data Protection Authority.
Secure consent from all persons on which you hold and process personal data.
Manage an individual’s request to provide and or erase data you hold on them.
Have a Data Protection Offi cer appointed in your organization.
Demonstrate there is a robust security process in place around personal data.

Failure to comply with the requirements may lead to penalties of up to €20 million or 4% of worldwide annual turnover. The penalties will be imposed by the Slovak Data Protection Office.

Contact us

Should you wish more information on how we can help your business or to arrange a meeting for personal presentation of our services, please contact us.