GDPR Compliance


The General Data Protection Regulation (GDPR) is the European Privacy Regulation that mandates certain responsibilities for organizations that capture data about European Data Subjects. The primary objective of the GDPR is to give citizens back control of their personal data. The scope of this regulation is broad: it includes both organizations that process data (Data Processors) and organizations that control data (Data Controllers). Moreover, the Regulation requires any organization, irrespective of where it is geographically located, to comply with its requirements.

What are Infosec Mates' GDPR Services?


GDPR is the most expansive Privacy Regulation introduced in the global space to date. Its scope covers any organization, irrespective of where the company is geographically located.

GDPR mandates several fundamental rights:

GDPR protects the following information:

Infosec Mates' skilled team of Compliance Practice experts works with clients on their compliance with GDPR. Our services include:

Inventory

We typically begin our engagements with a current-state inventory of the data that is being captured. A threshold question is whether the organization captures data from European subjects. If the organization responds in the affirmative, we know the organization is one of the covered entities anticipated by GDPR.
The inventory includes:

Current State Process Analysis

During the current-state process analysis, Infosec Mates pairs the organization with one of our Business Process Analysts. This BPA will map out the current process for capturing end-user PII data.
This analysis will include:


Infosec Mates will also work with the customer to understand the existing rights of end users. This includes existing opt-out procedures for end users and notification procedures.

Risk Analysis

Infosec Mates will analyze the data that is being captured and perform a risk assessment. The scope of the assessment is to determine the risk to compliance with GDPR. In addition, we assess the type of data storage, the policies and procedures in place to save data, and the agreement(s) our clients have with suppliers, employees and their end users.

Define the Roles and Responsibilities for compliance with GDPR

GDPR mandates certain roles to be in place for covered entities. Infosec Mates will work with your organization to identify the Data Controller for the organization. In addition, we will work with organizations to develop the Data Control Charter and Plan. Another critical role required by GDPR is the Data Protection Officer. This function could be either an internal or external individual responsible for compliance.

GDPR Compliance

The penalty for non-compliance is up to €20m or, if higher, as much as four percent of global revenue.

Why is GDPR Compliance important to you?


According to a survey by GWC, 92% of organizations are concerned about GDPR compliance. The fines are $20m, and this is significant for small and medium businesses. In addition, the reputational risk of non-compliance may hurt an organization. Customers may lose confidence in the way the organization manages their privacy information.

GDPR is not a bad thing. Essentially, GDPR provides European subjects with more control over how their personal data is used. It strengthens data protection legislation and introduces tougher enforcement measures, thereby improving trust in the emerging digital economy.
