Not prepared for GDPR?

Secure Services (Mauritius) Ltd is the leading partner and solution provider of Forcepoint in Mauritius.


We are here to make sure that all your GDPR requirements are fulfilled. We are committed to advising your organisation according to its requirements and to implementing the best solution possible.

General Data Protection Regulation (GDPR) is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The GDPR also regulates the exportation of personal data outside the EU.

What types of privacy data does the GDPR protect?

  • Basic identity information such as name, address and ID numbers

  • Web data such as location, IP address, cookie data and RFID tags

  • Health and genetic data

  • Biometric data

  • Racial or ethnic data

  • Political opinions

  • Sexual orientation

Which companies does the GDPR affect?

Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if they do not have a business presence within the EU. Specific criteria for companies required to comply are:

  • A presence in an EU country.

  • No presence in the EU, but it processes personal data of European residents.

  • More than 250 employees.

  • Fewer than 250 employees but its data-processing impacts the rights and freedoms of data subjects, is not occasional, or includes certain types of sensitive personal data. That effectively means almost all companies. A survey showed that 92 percent of U.S. companies consider GDPR a top data protection priority.

The survey also states that executives believe the industries most affected by GDPR will be the technology sector (53 percent), followed by online retailers (45 percent), software companies (44 percent), financial services (37 percent), online services/SaaS (34 percent), and retail/consumer packaged goods (33 percent). Moreover, since Mauritius is a popular tourist destination for many EU citizens, the hospitality sector is directly affected by the GDPR.

GDPR Compliance Challenges

The GDPR imposes stiff fines on data controllers and processors for non-compliance.

Determination

Fines are administered by individual member state supervisory authorities. The following 10 criteria are to be used to determine the amount of the fine on a non-compliant firm:

  • Nature of infringement: number of people affected, damage they suffered, duration of infringement, and purpose of processing

  • Intention: whether the infringement is intentional or negligent

  • Mitigation: actions taken to mitigate damage to data subjects

  • Preventative measures: how much technical and organizational preparation the firm had previously implemented to prevent non-compliance

  • History: past relevant infringements, which may be interpreted to include infringements under the Data Protection Directive and not just the GDPR, and past administrative corrective actions under the GDPR, from warnings to bans on processing and fines

  • Cooperation: how cooperative the firm has been with the supervisory authority to remedy the infringement

  • Data type: what types of data the infringement impacts

  • Notification: whether the infringement was proactively reported to the supervisory authority by the firm itself or a third party

  • Certification: whether the firm had qualified under approved certifications or adhered to approved codes of conduct

  • Other: other aggravating or mitigating factors may include financial impact on the firm from the infringement

Amount

If a firm infringes on multiple provisions of the GDPR, it shall be fined according to the gravest infringement, as opposed to being separately penalized for each provision.

However, the above may not offer much relief considering the amount of fines possible:

Lower level

Up to €10 million, or 2% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements of:

  • Controllers and processors under Articles 8, 11, 25-39, 42, 43

  • Certification body under Articles 42, 43

  • Monitoring body under Article 41(4)

Upper level

Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements of:

  • The basic principles for processing, including conditions for consent, under Articles 5, 6, 7, and 9

  • The data subjects’ rights under Articles 12-22

  • The transfer of personal data to a recipient in a third country or an international organisation under Articles 44-49

  • Any obligations pursuant to Member State law adopted under Chapter IX

  • Any non-compliance with an order by a supervisory authority

Source: GDPR EU: https://www.gdpreu.org/compliance/fines-and-penalties/

One of the most efficient solution providers for all GDPR compliance issues is our trusted partner, Forcepoint. Click the logo below to gain more insight into how Forcepoint is your 'go to' solution when it comes to GDPR.


© 2019 Secure Services Group - Mauritius | 213 3151 | sales@ssml.biz
