/Employees/BNB.jpg)
Brian Bomholdt
Every individual has the right to the protection of their personal data, and anyone processing personal data in a non-private context is obligated to respect these rights and protect the data. These rights and obligations are collectively referred to as "data protection."
Data protection is a rapidly evolving field. National supervisory authorities and European institutions are continuously issuing new guidelines, rulings, and clarifications, which both public and private organizations must comply with.
There is also increasing attention to data protection—from consumers and society at large—in response to data breaches and the misuse of personal information. Data protection is therefore more than just regulatory compliance; it is a foundation for stakeholder trust. For this reason, data protection should be an integrated part of any organization’s operating model, with compliance continuously monitored and controlled.
A strong and up-to-date GDPR compliance framework reduces risk for data subjects and protects the organization from data breaches, regulatory investigations, liability claims, enforcement actions, fines, and reputational damage.
Establishing a strong GDPR compliance framework—and maintaining it as the regulatory landscape and the organization itself evolve—can require significant internal resources. This includes changes such as new business areas or customer groups, acquisitions, or the adoption of new technologies.
BDO supports organizations in this process through services including:
All companies, organizations, and public authorities that process personal data are subject to the General Data Protection Regulation (GDPR), which was adopted in 2018. Personal data is not just information about health, political beliefs, sexual relationships, and the like, but it is all information that can be attributed to a person, such as address, phone number, and email.
Let us help answer all the other questions you may have about the EU General Data Protection Regulation and provide advice on implementing the new requirements for data controllers or processors.
We have extensive knowledge of the GDPR and advise on the legislative requirements for companies, organizations, and public authorities. Our advice focuses particularly on how the many provisions of the regulation can be implemented in practice, thereby providing value and ensuring that personal data is recorded and processed correctly. In our advice, we build on already established policies, procedures, and security measures for the protection of personal data.
Brian Bomholdt