EU General Data Protection Regulation (GDPR)

The two-year transition period before the GDPR takes effect ends on 24 May 2018. This means that from 25 May 2018, every company must be in a position to answer data protection enquiries from customers, employees and public authorities, and must be able to demonstrate that the corresponding company processes and IT infrastructure comply with the law.


Many companies want to implement the GDPR's requirements and maintain GDPR compliance on an ongoing basis, but do not know where to start. Here we introduce a four-step method of regular review, similar to a PDCA (plan-do-check-act) cycle.

Step 1: Assessment

Online Questionnaire and Gap Analysis Report

The very first step towards compliance is to do a full review of your company against the requirements of GDPR. With our Online Assessment questionnaire, you can access and begin working on this first step immediately, at your convenience.

The questionnaire examines the type of data, scope, size, context and purposes of the company’s data processing activities, along with the data protection measures the company already has in place. You will then receive a concise gap analysis identifying the risk level of each gap.
You will also be given IT expert advice based on industry-standard best practices, and recommendations for implementation relevant to your company’s risk levels.

Step 2: Organisational measures

Solutions for internal and external interactions

GDPR requires companies to implement “technical and organisational measures” based on the risk of processing. We identify these from the gap analysis described in step 1, then help your company fill the missing elements in your external and internal documents and processes. We also provide practical tools to support this work.

Customer Facing Requirements:

  1. privacy notices tailored to your company activities, websites and apps
  2. cookie policies for your company website
  3. privacy notices and cookie policies provided in German, Japanese and English
  4. EU Representative (according to Art. 27 GDPR)

Internal Requirements:

  1. creation of mandatory documentation (such as records of processing activities, guidelines and policies relevant to the company’s risk levels and industry standards)
  2. online training for employees
  3. compliance management system software for documentation and employee on-boarding
  4. certified Data Protection Officer (DPO)

Step 3: Technical Measures

IT solutions, data protection and security

Only after the foundations have been laid with the organisational measures can the technical measures be implemented. For this step of the process, we help you with the following:

  1. risk assessment of technical systems, processes and operations (Data Protection Impact Assessment, DPIA)
  2. guidance on implementation of management systems (Data Protection Management Systems, DPMS; Information Security Management Systems, ISMS)
  3. defining goals for IT systems to ensure information security’s key triad: confidentiality, integrity and availability of data

Step 4: Daily Operations

Maintaining compliance

IT standards are continually evolving as new forms of data breaches and abuse emerge. Since GDPR emphasises risk-based data protection, compliance is likewise a living, evolving way of operating a business. Furthermore, data breaches, enquiries from data subjects and even spot-checks by data protection authorities can occur at any time. We help your company stay on top of compliance through the following services and tools:

  1. external DPO or EU representative
  2. encrypted DPO communication channel
  3. handling of requests and inquiries from your customers
  4. handling of questions and requests from your company
  5. monitoring GDPR developments and update reports