Many divisions of a company are affected
The EU General Data Protection Regulation (GDPR) demands full consent and transparency into how personal data is processed. It became enforceable through EU member state law from May 25, 2018, and is intended to harmonize data protection laws throughout the European Union (EU) by applying a single set of requirements that is binding in each EU member state. Most notably for Japanese businesses, GDPR not only applies to organizations located within the EU, but also to organizations located outside the EU if they offer goods or services that process personal information that originates in the EU.
The processing of personal data takes place in all types of companies and in various areas of the company: in sales for the collection and storage of customer data, in marketing for addressing customers, on the website or the social media channels used, and in the human resources department. A range of products and smart devices today also collect personal information that is stored and processed in various locations. There is therefore a correspondingly wide range of transactions that must be checked for legal conformity and, if necessary, adjusted. The first step in assessing compliance readiness for GDPR is a comprehensive analysis of all data processing and management processes. “Combining our expertise in product testing, information protection, privacy engineering, and GDPR regulations, we are one of the few organizations in Japan that can bring this level of expertise to market”, commented Tobias Schweinfurter, President & CEO TÜV Rheinland Japan.
Extensive documentation requirements
The question of documentation becomes more important from the first day of the application of the regulation: The GDPR obliges companies to prove that the processing of personal data is carried out in accordance with the law. This proof is only possible through comprehensive documentation of all affected processes in the company. Medium and large companies can fulfil this obligation primarily by introducing or adapting an existing data protection management system.
Help with implementation: prioritising measures
Violations of the regulation may be subject to a fine of up to 20 million euros or four percent of worldwide annual turnover. Even the first steps toward fulfilling the GDPR presuppose comprehensive knowledge of the new regulation. They also require experience in the implementation of management processes and an understanding of information security technologies. If this knowledge and the personnel resources are not available, external consultants, for example from TÜV Rheinland, can provide companies with comprehensive support in preparing for GDPR compliance. In doing so, the consultants take into account both the requirements of the law and the interests of the company.
In Japan, the need for GDPR compliance is becoming evident to businesses. TÜV Rheinland Japan has focussed on rolling out its GDPR Gap Assessment Service for existing clients, but is seeing strong demand from several Japanese companies that are at early stages of assessing how GDPR requirements affect them. “We have been successfully delivering GDPR and privacy consulting services to some of our key clients in the product development & engineering sector in Japan. We expect more to come forward and seek our assistance especially where engineering Privacy by Design is slowly making its way into the product development lifecycle”, added Urmez Daver, Vice President, Consulting Services.
TÜV Rheinland is a leading global independent testing service provider with 145 years of tradition. More than 20,000 people work for the group around the globe. They generate annual revenue of just under 2 billion euros. The independent experts stand for quality and safety for people, technology and the environment in nearly all areas of business and life. TÜV Rheinland inspects technical equipment, products and services, and supports projects, processes and information security for companies. Its experts train people in numerous professions and industries. To this end, TÜV Rheinland has a global network of approved laboratories, testing facilities and training centres. Since 2006, TÜV Rheinland has been a member of the United Nations Global Compact to promote sustainability and combat corruption. Website: www.tuv.com