GDPR Project and Representative
From 25-May-2018 the European Regulation for data privacy GDPR (General Data Protection Regulation) became effective. Debiopharm, a pharmaceutical company based in Switzerland, managing sensitive personal data of subjects in the European Union, wanted to become fully accountable to the GDPR.
Vivenics’ first assignment was to execute a quick scan in order to determine the status of the organisation for privacy and data protection. In a follow-up project we implemented all required measures to become and stay GDPR compliant. As Debiopharm is not based in the EU and requires a GDPR Representative in the EU, Vivenics is asked to fulfil that position on behalf of Debiopharm.
Vivenics has provided a professional GDPR team of technical, procedural and legal knowledge to cover all relevant GDPR topics. In three intense, short visits the team interacted with Debiopharm to get the results with excellent quality, within time and budget. Stakeholders have been identified and existing processes and systems have been assessed. Policies and procedures, adjusted to match the specific Debiopharm characteristics, have been created or updated. DPIAs have been executed where needed and a data privacy officer has been appointed and trained. Using a risk based approach allowed the Vivenics team to minimise cost-increasing aspects for Debiopharm, and smooth the impact on the people and working methods.
In less than a year GDPR risks were identified and counter measures were implemented. At the end of the project Debiopharm was fully GDPR accountable and has asked Vivenics to stay on board as their GDPR Representative and privacy advisor in the EU.
Vivenics used a proven approach in combination with a down to earth consultancy style. This resulted in an open atmosphere with a project focus to get the job done for minimal costs and maximum result.
Vivenics is a no-nonsense Dutch company that minimises the impact on your organisation.