Digital compliance
In the end use you can think of the risks of metadata. Metadata are personal data generated by systems about digital behaviour as a result of the use of these systems. The use of internet technology simply implies that the technical means provide information about IP addresses, website visits, search behaviour, who is in contact with whom or with someone’s location. With this data, personal preferences and situations can be derived and profiles can be created.
Devices can now also be connected to the internet and reveal a lot of information about individuals. Think of smartphones, web cameras, thermostats, smart meters, garage doors or lighting. All these devices (The Internet of Things) generate personal data that can be used for profiling and introduce privacy risks. The GDPR explicitly points out the risks involved and prescribes mandatory technical measures to combat these risks.
Our working method is based on universal privacy principles and risks. We ask you the following questions:
- How do you process personal data?
- Do you have a legitimate interest in processing personal data?
- What security measures have you taken to protect the personal data?
- Who has access to the personal data?
- Are personal data not kept longer than strictly necessary?
- Can data subjects exercise their rights to delete or view personal data?
Based on these findings, you will receive appropriate advice from us, taking into account the size and capabilities of your organisation. The assignment is drawn up in collaboration with you and the depth of the research can therefore be filled in as desired.
Forvis Mazars can help you with
Forvis Mazars' IT and privacy specialists have extensive experience in performing Data Protection Impact Assessments (DPIA), GAP analyses, AVG / GDPR compliance assessments, Wbn and regulatory requirements (such as the Dutch Data Protection Authority, Telecom Agency, competition authorities and the Nederlandsche Bank).
Forvis Mazars also has specialists who can support your organisation in drafting and developing privacy-related documents, such as a privacy policy, data breach notification procedure and register of personal data processed by your organisation. Our personal approach means that our findings and advice are of lasting value.