General Data Protection Regulation (GDPR): Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
GDPR (ISO 27701)
Our approach for GDPR compliance
Our methodology for implementing a GDPR-compliant privacy program is based on our experience from successful implementation and maintenance projects for Information Security Management Systems. It allows the required controls to be implemented within a reasonable timeline and without heavy resource investment on the customer side. Our approach is to start by gaining a comprehensive understanding of the customer environment and its current GDPR compliance position; to continue with the definition of a remediation plan that addresses any gaps; and to conclude by bringing our experts in to carry out the remediation activities.
We will help identify all the processes required for GDPR compliance and provide methodical assistance in establishing them, as well as help develop the appropriate documentation in accordance with the specifics of your organization.
We provide professional assistance in maintaining compliance with the GDPR requirements, by means of GDPR training tailored to your company's specific needs, as well as third-party audits, which give stronger validation of compliance than a self-assessment.
6 steps to GDPR compliance
Designate someone to take responsibility for data protection compliance and decide where this role will sit within the company structure and governance arrangements. Appointing a Data Protection Officer is mandatory (Art. 37) where the processing is carried out by a public authority or body, where the core activities of the controller or processor consist of processing operations which, by virtue of their nature, scope and/or purposes, require regular and systematic monitoring of data subjects on a large scale, or where they consist of large-scale processing of special categories of data or of personal data relating to criminal convictions and offences; it is recommended in other cases;
Record the data processing activities within the company and the personal data involved in each of them (the record of processing activities, Art. 30), identify the lawful basis for each processing activity (Art. 6), and, where the processing is likely to result in a high risk to individuals, carry out a Data Protection Impact Assessment of the envisaged processing operations (Art. 35);
Review the company's policies and procedures to ensure that they properly reflect GDPR requirements, especially data subject rights and requests, supplier (processor) management, and international data transfers;
Adopt a privacy by design and by default approach (Art. 25);
Make sure that the right procedures are in place to detect, report and investigate a personal data breach, including notification of the supervisory authority within 72 hours of becoming aware of a breach where required (Art. 33) and communication to the affected data subjects where the breach is likely to result in a high risk to them (Art. 34);
Establish a corporate awareness programme and regular monitoring to sustain compliance on an ongoing basis.