GDPR Compliance

 

The General Data Protection Regulation (GDPR) is the aEuropean Privacy Regulation that mandates certain responsibilities for organizations that capture data about European Data Subjects.  The primary objective of the GDPR is to give citizens back control of their personal data.  The scope of this regulation is broad:  It includes both organizations that process data (Data Processors) as well as organizations that control data (Data Controllers).  Moreover, the Regulation applies to any organization, irrespective of where they are geographically located, to comply with the requirements. 

What is Infosec Mates GDPR Services?

 
 
 

GDPR is the most expansive Privacy Regulation introduced in the Global space to date.  The scope involves any organization irrespective of where the company is geographically located.

GDPR mandates several fundamental rights:

  • It demands clear consent from European Subjects for data to be collected.
  • It provides clarity as to for what the purposes that data can be used.
  • It specifies the scope of what constitutes personal data to include social media data, photos, email addresses and even computer IP addresses.
  • It provides the right for EU subjects to be forgotten - The ‘right to be forgotten.’ This requires a Data Controller and Data Processor to permanently delete or erase on demand, the EU data subject information.
  • Processes and workflows will need to be reworked to build in ‘privacy by design’ .
  • Requires data breach notification within a few days of incidents being detected .

GDPR protects the following information:

  • Identity information such as name, address, and ID numbers
  • Web data such as location, IP address, cookie data
  • Health and genetic data
  • Sexual orientation
  • Biometric data
  • Racial or ethnic data
  • Political opinions

Infosec Mates skilled team of Compliance Practice experts work with clients on their compliance with GDPR. Our services include:

Inventory

We typically begin our engagements with an current state inventory of the data that is being captured. A threshold question is whether the organization captures data from European subjects. If the organization responds in the affirmative, we know the organization is one of the covered Entities that is anticipated by GDPR.
The inventory includes:

  • understanding the type of data that is being captured. GDPR is only triggered when personable identifiable data is being collected. It is not triggered if the organization captures non PII data.
  • understanding how the organization uses the information captured. Does the organization process the company data or stores and controls the data. This is critical, because the requirements for each is different.
  • Understanding where the data is stored.
Current State Process Analysis

During the current state process analysis, Infosec Mates pairs the organization with one of our Business Process Analyst. This BPA will map out the current process for capturing end user PII data.
This analysis will include:

 

Infosec Mates will also work with the customer to understand what are the existing rights of end users. This includes, existing opt out procedures for end users, notification procedures.

Risk Analysis

Infosec Mates will analyze the data that is being captured and perform a risk assessment. To scope of the assessment is to determine the risk of compliance with GDPR. In addition, we assess the type of of data storage; the policies and procedures in place to save data and the agreement(s) our clients have with suppliers, employees and their end users.

Define the Roles and Responsibilities for compliance with GDPR

GDPR mandates certain roles to be in place for covered entities. Infosec Mates will work with your organization to identify the Data Controller for the organization. In addition, we will work with organizations to develop the Data Control Charter and Plan. Another critical role required by GDPR is the Data Protection Officer. This function could be either an internal or external individual responsible for compliance.

GDPR Compliance

The penality for non compliance is up to €20m or, if higher, as much as four percent of global revenue

Why GDPR Compliance is important to you?

 
 

According to a survey by GWC, 92% of organizations are concerned about GDPR compliance.  The fines are $20m and this is significant for small and medium businesses.  In addition, the reputational risk for non compliancemay hurt an organization.  Customers may lose confidence in the way the organization manages their privacy information.

GDPR is not a bad thing.  Essentially, GDPR provides European subjectswith more control over how their personal data is used.  It strengthens data protection legislation and introducing tougher enforcement measures thereby, improving trust in the emerging digital economy.

Contact US
[hfe_template id='5280']
[hfe_template id='5160']
[hfe_template id='4976']
[hfe_template id='4968']