General Data Protection Regulation

Cost-effective personal data processing compliance assessment for you not to worry about forthcoming General Data Protection Regulation (GDPR)

On the 15th of December 2015, the European Parliament, the Council and the Commission reached an agreement on the new data protection rules, establishing a modern and harmonized data protection framework across the EU. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR) entered into force on 24 May 2016. It shall apply from 25 May 2018.

We would like to propose our expertise in assessment of current GDPR compliance status, evaluating related risks and planning proportional data protection controls.

Ultimately, proper design and implementation of personal data protection framework will improve overall information security posture and increase confidence in your company as a responsible partner.

Our proposed services cover stages provided below:

The GDPR readiness assessment covers first 3 stages (management system implementation is not included).

Data discovery stage covers identification of personal data being processed, data flows and sources, data providers, processors and controllers, existing relevant processes and practices, internal policies, procedures and standards, roles and responsibilities, contractual clauses, other existing information security controls. At this stage we will double check data discovery results performed by another supplier.

Impact assessment stage covers gap analysis against GDPR requirements, information security standards and best practices, and analysis of personal data protection related risks – impact assessment, threat assessment, risk acceptance assessment.

Control selection stage covers design of a framework of personal data protection controls based on the results of the previous stage.

At the request of the Client, we can provide insurance services against cyber-attacks and sanctions for non-compliance with the requirements of the Regulation and personal data breaches. The terms of these services will be discussed separately.

Your information is safe and will never be shared or sold. You may unsubscribe at anytime.