background
A law on processing and transfer of personal data called EU General Data Protection Regulation (GDPR) came into force on May 25, 2018.
Interest in enhancing the protection of personal information is growing day by day and companies are required to take action to protect it.
Following this trend, there is a growing trend among EU members to establish common rules for the protection of personal date and on May 25, 2018, the law called the GDPR on the processing and transfer of personal data will come into force in order to ensure the human right of personal data protection (*1).
The law in principle prohibits the transfer of personal data acquired within the EEA, including the EU, to countries outside the EEA, so Japanese companies operating in the region were required to be careful. In addition, there are penalties and companies are obliged to pay fines for violations. The maximum fine can be as large as 4% of global sales, and not only EEA companies but also Japanese companies operating in the EEA were forced to do so.
issue
In order to prepare for GDPR, it is necessary to visualize incompatible areas and situations then formulate a mid-term response plan with risk analysis and measures for those areas.
With the implementation of GDPR, following measures for the handling of personal data are required for Japanese companies operating in the EEA.
- 1.Status survey to organize the whereabouts and flow of personal.
- 2.Analysis to visualize GDPR non-conforming areas and situations.
- 3.Create a mid-term plan with risk analysis and action plans for non-conforming areas.
However, this required communication with local offices in English. It was also needed to facilitate the project. In addition, it was needed to work on enhancing quality in order to ensure compliance.
activity
Promotes project management and optimization through global support, enhanced project management and quality.
In this case, we provided support to a Japanese company with an office in EEA region to help prepare for GDPR. Specifically, we supported following.
- 1.Promote global support using English, including communication with IT system experts and legal staff in addition to communication with European companies.
- 2.Optimization of entire project management, from creating project plans and WBS to task control and document management.
- 3.Support for the preparation of products from business hearings and enhancement of quality for outputs, including confirmation of content.
consequence
By supporting IT measures for GDPR compliance, we contributed to protecting Japanese companies and the national interest in terms of personal information protection.
By supporting IT measures for GDPR compliance, handling of personal information of Japanese companies operating within EEA became more appropriate. This not only prevents payment of fines for violating the GDPR, but also avoids loss of trust in Japanese companies in terms of their proper response to the GDPR. Today, with the growing trend toward protection of personal information, loss of trust related to personal information protection can be critical for Japanese companies. Therefore, this project has contributed to protecting Japan's national interest by preventing the loss of trust in Japanese companies in advance through the appropriate handling of personal information.
