The EU General Data Protection Regulation (GDPR) forms the basis of data protection regulations that are aimed at protecting the personal data of residents in the European region (EU member states plus Iceland, Liechtenstein and Norway). The primary purpose of the GDPR is the protection of the fundamental rights and freedoms of natural persons and, more specifically, the right to the protection of personal data as well as the free flow of personal data within the EU. Even businesses outside of Europe have to comply with the often complex GDPR prescripts if they observe or process the personal data of EU residents. GDPR compliance is vital. We are your GDPR experts!
We are a global company headquartered in Germany. This places us in intimate proximity with all the latest regulatory developments and trends pertaining to GDPR. We live our core values of data protection and information security, and we strive to instil these values to protect personal data and to help our clients conform with GDPR prescripts – wherever they may be. Designing, developing and implementing state-of-the-art, secure and reliable solutions is paramount. Modern consulting methods, top technology and holistic, future-proof approaches are how we guide our clients to smart and secure solutions. Our vision is to reach far beyond compliance with regulatory prescripts to changed mindsets and sustained business resilience and success for our clients and partners.
To ensure due compliance with Art. 37 GDPR, which makes it mandatory for EU companies with 20 or more employees to appoint a DPO for the collection & processing of certain types of personal data.
Art. 27 GDPR prescribes that companies with operations outside of the EU that observe, collect or process the personal data of EU residents must appoint an EU representative operating within the EU.
More detailed information in "The UK GDPR Measured against the EU GDPR – the Basics for Companies"
Processors of personal data must, according to Art. 25 GDPR, ensure data protection by design and by default. Through our unique interweaving of our core competencies of compliance, strategy and technology, we are aptly positioned to design and implement the requisite technical and organisational measures (TOMs) to ensure the prescribed levels of data protection.
According to Art. 35 GDPR, data controllers must carry out a data protection impact assessment if a form of processing, in particular when using new technologies, is likely to result in a high risk to the rights and freedoms of natural persons due to the nature, scope, context and purposes of the processing.
As an international consultancy with a focus on compliance, governance and risk, we conduct data protection impact assessments and risk assessments together with our clients.
Controllers and processors of personal data must implement appropriate technical and organisational measures (TOMs) to ensure adequate levels of security appropriate to risk (Art. 32 GDPR). For your company, we have direct access to efficient data security measures to ensure pseudonymisation, encryption, consistent confidentiality and evaluation measures.
Compliance audits are an essential part of effective compliance management. The GDPR prescribes that companies must design and implement technical and organisational measures (so-called TOMs) that ensure that the required levels of personal data protection are maintained. We interweave our core competencies of strategy, compliance and technology to tailor our approach to your business needs.
Do you process personal data of individuals to:
a) Offer goods or services to individuals in the EU/EEA (regardless of whether payment is required)?
b) Monitor their behaviour (if such behaviour occurs in the EU/EEA)?
If you have answered "Yes" to any of the questions in part A, your business must comply with EU GDPR in respect of the personal data of EU/EEA residents used to offer goods or services or whose behaviour is monitored.
If you have answered "No" to the last question (in part B), your business is required to comply with EU GDPR in respect of the personal data of EU/EEA residents used to offer goods or services or whose behaviour is monitored, and you are required to appoint an EU (GDPR) representative that operates in the EEA member country where the individuals whose personal data is processed or monitored reside.
We are a team of inter-disciplinary consultants from Germany and collectively, we offer customised one-stop-shop solutions to SMEs in the areas of strategy, compliance, sustainability and IT.
Trust us to launch your company to grow globally & into the future.
valvisio international AG
90402 Nuremberg, Germany
+49 911 47 75 87 – 0
c/o Factory Works GmbH
Rheinsberger Str. 76/77
10115 Berlin, Germany
142 Cromwell Road, London SW7 4EF, United Kingdom