Compliance, strategy, standards
GDPR - personal data protection
In line with the EU General Data Protection Regulation (GDPR), new data protection regulations will be enforced from May 2018. The regulation will fully replace national personal data protection regulations.
- GDPR changes the approach – it does not impose rigid rules on the protection of personal data but defines the purpose of data protection.
- Security systems should provide a level of security appropriate to the requirements and risks, and ensure that the protection of processed data is kept at the highest possible level.
We support every organization in ensuring compliance with GDPR, taking it through the following 10 steps:
- Data inventory – including discovery of the personal data processed, assessment of its relevance and sensitivity, storage and processing locations, the persons accessing personal data, and the data processing approach and process.
- Analysis of the risks associated with data processing, covering both technical and legal aspects.
- Assessment of the security measures used in IT systems, contracts with subcontractors, and analysis of clauses in customer agreements.
- Recommendations on how to improve your data processing facility, both technically and legally.
- Compliance plan – improvement activities in the areas of procedures, standards, processes, organization and technology.
- Incident monitoring – detection and interpretation of security incidents.
- Reduction of the impact of incidents – communication with customers, notification of regulatory authorities, securing and fixing the IT environment, and legal protection.
- Ensuring continuous compliance – monitoring the performance of the data processing system, implementing the necessary adjustments, and maintaining security and compliance with GDPR.
- Building awareness, training, and engaging staff in the process of maintaining security.