GDPR Compliance

GDPR stands for REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). You may download the document here:


GDPR compliance is a current and pressing subject, since Romania, as part of the EU, and all organizations worldwide that own and/or process personal data of EU data subjects have to comply with the General Data Protection Regulation (GDPR). The GDPR will replace the current Directive and will be directly applicable in all member states and worldwide without the need for implementing national legislation. It will not apply until 25 May 2018. However, as it contains some onerous obligations, many of which will take a long time to prepare for, it will have an immediate impact.

Main Changes under GDPR:

  • records register of processing personal data

  • data security as processing principle

  • new rules on contracts with processors

  • data protection officer

  • data protection impact assessments

  • risk assessment

  • new information content

  • privacy by default and by design

  • changes in rules on consent

  • access rights, right to be forgotten and portability

  • biometrics / profiling / special records

  • data breach notification within 72 hours

  • prior consultation on sensitive operations

  • data management & information security

Penalties - the following sanctions can be imposed:

  • warning in writing in cases of first and non-intentional non-compliant regular periodic data protection audits;

  • fine up to 10,000,000 EUR or up to 2% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater;

  • fine up to 20,000,000 EUR or up to 4% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater.

The consequence of all of the above is the clear need to adapt and transform your organization’s way of doing business in accordance with the EU regulations and their new characteristics.

The clock is ticking on the May 2018 deadline for compliance. Are you ready?

Our Services


Blue Lab Consulting helps organizations comply with GDPR through structured accountability based on implementing appropriate accountability mechanisms such as policies and procedures. Putting in place appropriate accountability mechanisms is the foundation for complying with the GDPR, as it enables organizations to demonstrate compliance at a project level and at an organizational level, both required by the GDPR.

In accordance with our experience and expertise, during the implementation of the GDPR Compliance program within organizations, Blue Lab Consulting (partners / senior consultants, the associated lawyers, and operational team) offers support and assistance in the following phases of compliance:

  • GAP > GAP Analysis & Diagnostic - Records of Processing Activities Data Inventory, Data protection impact assessment and Risk assessment are outcomes of this phase;
  • PLAN > Strategy & Transformation Planning;
  • EXEC > Execution for Compliance Approach / Change Management - Implement, Maintain and Demonstrate;
  • DPO > Data Protection Officer outsourcing services - ongoing compliance - DPOs will be at the heart of the GDPR legal framework for many organisations, facilitating compliance with the provisions of the GDPR;
  • CERT > "GDPR compliant" certification - Third Party Reporting.

Blue Lab Consulting is running the GDPR Compliance Program in order to enhance the most appropriate level of compliance related to GDPR, with at least the following components:

  • legal advice
  • organizational & processes transformation
  • policies and procedures
  • information security
  • systems updates / upgrades, and
  • overall package of internal & external documentation related to data privacy, from legal and compliance perspectives.