GDPR
General Data Protection Regulation
What is GDPR / RGPD?
It is the Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. It repeals Directive 95/46/EC (the General Data Protection Directive, published in 1995), substantially changing and clarifying the boundaries of its application.
With this Regulation it is intended:
• Harmonize the laws of the 28 Member States;
• Clarify areas previously interpreted differently in different countries;
• Extend its scope to include any organization or individual that collects data about EU citizens, regardless of whether they are physically inside or outside the EU;
• Ensure that the regulation is applied in a similar way in all Member States.
Main changes in relation to the previous legislation:
• Increase in fines. Fines, for non-compliance with regulations or serious failures in data protection, can reach 4% of the global turnover (of the company or group) or €20M, whichever is greater.
• Obtaining consent. The data subject's consent must be given by a clear affirmative act that indicates a free, specific, informed and unambiguous expression of will that the data subject consents to the processing of data concerning him or her, and only for the defined purposes (if there are multiple purposes, they must all be described).
• Breach notification. In case of a data breach, the controller must inform the local supervisory authority within 72 hours. The data subject must be informed as soon as possible.
• Territorial scope. The regulation applies to any organization that has data on EU citizens, regardless of where they are physically located.
• Joint liability. The controller or the processor (subcontractor) must repair any damage a person suffers as a result of processing that violates the regulation.
• Right to be forgotten. Users have the right to demand the removal of their data.
• Removal of ambiguity. One law across the whole EU.
• Data transfer. Transfer of data outside the EU is allowed, but the controller remains ultimately responsible if such data is breached.
• Collective redress. Data subjects can act together to bring proceedings against a data controller, and may be represented by an organization or non-profit association.
PGM provides the following services:
- Support in the assessment of compliance with the RGPD;
- Support in the implementation of control measures to comply with the GDPR;
- Customised training.
The ISO 27001 information security standard helps to implement control processes that facilitate compliance with some RGPD/GDPR requirements.