General Data Protection Regulation – GDPR
Ensure your compliance with GDPR. We use up-to-the-minute assessment and auditing frameworks to assess your compliance status.
GDPR Auditing Overview
The GDPR is an EU Regulation intended to mandate how organisations manage Personal and Sensitive data.
The GDPR aims to strengthen EU residents’ fundamental rights and freedoms in the digital age and to provide enhanced protections for EU residents’ personal data.
It also modernises and unifies diverse existing legislation across the EU Single Market, thus bringing greater legal certainty and reduced operating risk for companies that have to account for the diverse laws and enforcement regimes of 28 EU Member States when operating in Europe.
The GDPR enforces new rights for EU residents and for any other data subjects whose data is processed in the EU, as well as placing new obligations on organisations and introducing new powers for supervisory authorities. A number of requirements are particularly significant for an organisation and must be clearly understood if fines and sanctions are to be avoided.
The GDPR And Other Data Protection Requirements
The GDPR is not the only data protection obligation with which an organisation needs to comply and therefore should be treated as part of a broader data protection management system that encompasses the people, processes and technologies used to control personal data processing.
This can include requirements from a variety of sources, such as: local legislation, case law and treaties; sector-specific regulatory requirements; and commercial obligations arising from contractual terms and publicised organisational commitments for personal data processing (e.g. privacy notices and terms and conditions).
These sources, combined with an organisation’s values, attitude to risk and compliance demands, largely determine how personal data is protected. Whilst values, risk and compliance are often in tension, an organisation can take a holistic approach where its values guide the balance between risk and compliance.
How To Prepare For GDPR
ITSecurity.Org can help you understand your obligations and can help you minimize the scope of compliance.
The high-level process for preparing for GDPR is simple; it is the detail that is challenging, because every business process must be brought into compliance. A consultant experienced in GDPR can guide you through the whole compliance programme and ensure that you end up fully compliant.
ITSecurity.Org can help you through every stage of the GDPR Project lifecycle including:
GDPR Project Start Up Meeting
Stage 1: Project Initiation
Project Initiation Document
Risk Committee Meetings
Project Board Meetings
Project Status Reports
Workstream reporting templates
Stage 2: Project Execution
1.1 Data Retention
1.1.1 Paper Storage
1.1.2 Electronic Storage
1.3 Biometric Data
1.4 Privacy Notices
1.5 Subject Access Requests
1.7 Data Portability
1.8 Data Protection
1.9 Records Of Processing Activities
1.10 Breach Notification
To the ICO, Controller And To the Data Subjects
1.11 Data Privacy Impact Assessment and Prior Consultation
1.12 Right To Be Forgotten
1.14 Personal Data Definition
1.15 Data processors and Sub-Processors
1.15.1 Contractual Terms
1.15.2 Joint Data Controllers
Project Finalisation And Closure
Effectively assess, manage, and secure your organization’s web usage and business-critical applications.
Leverage experienced and certified consultants to help manage and respond to security incidents.
Better manage risk, compliance, and governance.
Enable flexible, intelligent IT and network security solutions to combat Internet threats.
Review your status, complete a risk assessment and create, produce and publish Security Standards and Policies.
Assess your organization against UK, EU and US legislation and regulations: GDPR, PCI-DSS, ISO27001, Money Laundering, Sarbanes-Oxley.
Identify areas of potential risk and design a customized, complete security solution.
Outsource your IT Security to ITSecurity.Org Security Experts.
Securing online assets and supporting regulatory compliance by exposing the vulnerabilities on the network.
Assess your people, processes and technologies. Create, produce and publish procedures and guidelines.
Assess your Data Protection environment against recent regulatory and legislative requirements including GDPR.
Build effective IT security policies to reduce threats to your critical business assets.
Protect mobile devices, secure connectivity, ensure appropriate access, and safeguard data and applications.
Assess and enhance your physical security plan with a wide variety of Physical Security Solutions.
Train your staff in the principles of Security and Data Protection and prevent data breaches.