E- PRIVACY LAW
WELCOME TO THE RELENTLESS
WHO WE ARE
The processing and the storage of personal data bears a heavy responsibility for any business therefore, how do you know that you are doing enough to secure the privacy of the individuals whose data you hold and are trusted to protect ?
Likewise in addition to the regulatory needs to process and protect personal data responsibly, similarly there are a growing number of specific international privacy laws such as CDPA in China, and the ePrivacy in Europe.
At Relentless Privacy and Compliance Services we deliver privacy compliance to organisations across all business sectors. Subsequently clients achieve GDPR data protection act compliance without any operational disruptions.
FREE DATA PRIVACY SERVICE
Free 60 minute consultation on your GDPR requirements
IF YOU ARE INTERESTED IN OUR SERVICES PLEASE COMPLETE THE CONTACT FORM
COMPREHENSIVE PRIVACY SERVICE
Individuals are using global digital platforms to learn, find work, showcase their talent, and build personal networks. Some 900 million people have international connections on social media, and 360 million take part in cross-border e-commerce. Digital platforms for both traditional employment and freelance assignments are beginning to create a more global labor market.
Mapping and documentation of data processing activities are required under the GDPR.
MEET OUR TEAM
Khwanchira specialises in data privacy mapping to the GDPR DPA 2018 regulations. Khwanchira has led a number of GDPR projects across diverse industries and also specialises in global data privacy laws worldwide.
SENIOR PRIVACY AND COMPLIANCE ASSOCIATE
Robert brings a wealth of international compliance experience across diverse industries. With over 20 years experience in senior global IT Operations and compliance management.
IF YOU ARE INTERESTED IN OUR SERVICES PLEASE COMPLETE THE CONTACT FORM
RELENTLESS DATA PRIVACY SERVICE
PRIVACY COMPLIENCE BY DESIGN
WHY YOU SHOULD CHOSE RELENTLESS
Client focused Data Privacy Experts
Our team has over 30 Years industry experience in the global data protection and data privacy sector.
Large Number of successful GDPR Implementations
Our adaptable and knowledgeable team has delivered GDPR compliance across industries from startup’s to PLC.
Frictionless Implementation Delivery Approach
Our bespoke GDPR delivery framework ensures data privacy compliance is delivered without disruption of business operations.
Free Initial Consultation Meeting
We are pleased to meet prospective clients for a free initial meeting to discuss their data privacy requirements. This can be at your offices or by video link.
OUR LATEST NEWS
The GDPR (General Data Protection Regulation (GDPR) came into law on 25 May 2018. Many organisations offering services to European subjects do not have a presence in Europe. They have their Headquarters or branch offices in other locations around the...
GDPR and LGPD: The Differences between the EU and Brazil’s Data Protection Laws Your Business Needs to Know
As Brazil readies itself for the arrival of its new General Data Protection Act in February 2020, we outline how it differs from GDPR, and what those differences mean for businesses like yours. It's a familiar story that's been told with ever-increasing frequency over...
The latest country to follow in the EU’s data protection footsteps, Thailand is gearing up for the arrival of its first bill to protect individuals’ personal data rights, but what does this mean for your business? Relentless’ global data privacy experts have the answers.Thailand’s relationship with the concept of privacy has always been a curious one to say the least. For years, the idea that individuals have a right to privacy was a key part of the country’s national constitution, albeit one without any kind of law or regulation forcing businesses to uphold that right.
WHAT OUR CLIENTS SAY ABOUT US
WHAT OUR CLIENTS HAVE TO SAY
Director of Operations at Frontier Developments PLC
Relentless were invaluable in helping us prepare for GRPR. They engaged with our organisation fist to understand how we worked and our needs, before providing a workable plan to compliance and support beyond. We have now engaged with Relentless for our outsourced DPO service.
Relentless delivered our GDPR assessment and implementation project to a very high standard. Their expertise in this area allowed them to work with all business units without any interruption of operations . They also provided expert legal services in relation to contracts and privacy policies. We have now engaged with Relentless for their ongoing outsourced GDPR Advisory Service.
FREQUENTLY ASKED QUESTIONS
Who does GDPR affect ?
The GDPR not only applies to organisations located within the EU but also applies to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
What are the penalties ?
Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements e.g.not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors – meaning ‘clouds’ are not exempt from GDPR enforcement.
How does GDPR affect marketing strategies ?
The EU’s new data protection rules are designed to give your customers more power over how their information is handled. Ready to run because you’re based outside of the EU, or you’re willing to wait for Brexit? Not so fast. Anyone who interacts with any EU citizen will be governed by the GDPR, regardless of where your company is located.
What steps should businesses consider to address this?
There are several steps businesses should consider to address this right and the requirements related to it in the Act, including:
- identifying and inventorying the categories and specific types of personal information a business collects and shares, which is commonly achieved by data flow mapping;
- updating privacy policies, disclosures and notices to adequately disclose their personal information collection practices, including the information listed above; and
- implementing policies and procedures that provide an avenue for a consumer to request the information described above and enable the business to meet those requests, including a process for verifying identity. At a minimum, businesses must provide:
- (1) a toll free phone number and
- (2) a contact method provided on the businesses’ website, if the business has a website.
How is the collection of data defined under CCPA ?
Consider the CaCPA, a business’s collection of personal information is defined to include “buying, renting, gathering, obtaining, receiving, or accessing . . . by any means.” CaCPA § 1798.140(e). This includes both:
(1) actively gathering information about a consumer through forms or other means of communication; and
Do companies need to be compliant after Brexit ?
If a company processes data about individuals in the context of selling goods or services to citizens in other EU countries then it will need to comply with the GDPR, irrespective as to whether or not the UK retains the GDPR post-Brexit. If activities are limited to the UK, then the position (after the initial exit period) is much less clear. The UK Government has indicated it will implement an equivalent or alternative legal mechanisms. The expectation is that any such legislation will largely follow the GDPR, given the support previously provided to the GDPR by the ICO and UK Government as an effective privacy standard, together with the fact that the GDPR provides a clear baseline against which UK business can seek continued access to the EU digital market. More information can be found at.
What is the California Consumer Privacy Act (CCPA) ?
The California Consumer Privacy Protection Act (CCPA) is a new data security law that is set to take effect on January 1, 2020. The law requires businesses transacting in California to cooperate with consumers in requests concerning how their data is being used, prohibiting companies from collecting their data, and requesting the deletion of any already-collected data. It also permits companies to offer financial incentives to consumers for collecting and using their data, and additionally prevents them from selling data belonging to minors under the age of 16 without prior consent. From a security standpoint, businesses must use reasonable security measures and access controls when protecting consumers’ personal data.
Companies with annual gross revenues of more than $25 million are required to comply with the CCPA if they collect consumers’ personally-identifiable data. Business entities of any size and type may also be required to comply if they work with the data of at least 50,000 consumers or derive at least half of their annual revenues from selling consumers’ personal information. Companies could be liable for civil penalties of up to $750 per exposed user or $7,500 per other violation, injunctive or declaratory relief, or other court-approved relief for noncompliance.
Free Privacy Consultation
- the categories and specific pieces of personal information the business has collected;
- the sources from which the business collected the personal information;
- the business or commercial purpose for collecting the personal information; and
- the categories of third parties with whom the business shares the personal information.
FREE PRIVACY CONSULTATION