
The General Data Protection Regulation (GDPR) came into force on 25th May 2018. The good news is that data privacy principles remain the same. The challenge is that there are many more requirements under this regulation which companies must adhere to. Many of the new requirements focus on data security aspects. D4n6 is best placed to provide various services in this respect by combining its information security and legal expertise under one roof.


GDPR Compliance

Compliance with GDPR involves various elements. We have set up a streamlined system, from data analysis to training, to cover all your possible needs. If you are looking for a one-stop shop to ensure your compliance with GDPR, we can help.

We customise our compliance programme depending on the size of your organisation. Our services include:

  • data gathering and assessment;
  • policy drafting and review;
  • security process analysis;
  • advisory on various privacy aspects and data subject rights;
  • language simplification of client-facing documents;
  • training sessions and awareness campaigns.

Security of Processing

A guiding principle in GDPR is that data privacy should be ‘by design and default’. This applies to technical and organisational measures. So each time you handle people’s personal data, for example that of employees or clients, you need to make sure that data protection is factored in.

All processing must adhere to the principles of data protection. For instance, do you know when to encrypt, pseudonymise or anonymise data? Moreover, unless you have a good reason to keep it, data that you no longer need should be deleted.

All data should be kept securely. For this, you should ideally have a strong information security policy that covers the processing of data, whether it is stored in a physical or digital location.

D4n6 can take you through this whole process and guide you to set up the security requirements which work for you and which ensure that your data is properly protected.


Handling Personal Data Breaches

In the event of a data breach, if personal data is exposed, you have 72 hours within which to notify the supervisory authority. In Malta, this would be the Office of the Information and Data Protection Commissioner (IDPC).

Apart from notifying the authorities, you are also requested to communicate the data breach to the data subjects without delay. This only applies if the data breach can put the data subject at risk. If, for instance, the data stolen is encrypted, this requirement would not apply.

In most cases, however, to be sure whether a data breach has occurred, one would need to analyse the data first. Suspicion of a breach alone does not trigger the notification process. This is where D4n6 can come into play and assist organisations with assessing the facts of the data breach and whether a breach occurred in the first place.

Moreover, D4n6 can help you protect against any future breaches by advising on the right information security posture required to minimise such risks.


Data Protection Impact Assessments

Conducting an impact assessment is a way to help you understand how your product or service could affect customer data. Once you carry out the exercise, you can identify any risks in your processes. In doing so, you can then plan how to counteract those risks (data privacy by design) before launching your product or service.

GDPR requires that an organisation carries out this kind of analysis whenever there is a high risk that customers’ rights and freedoms can be affected.

We can assist you in carrying out such assessments and also train you to be self-sufficient in carrying out these tasks on an ongoing basis.
