What is GDPR?
General Data Protection Regulation (GDPR) is a European set of standards that has reshaped the way in which data is handled across every sector. The standard impacts any business who offers goods or services, or monitors the behavior of EU citizens regardless of where the organization is located. Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater).
Some of the newly introduced areas include:
- Breach Notifications
- Right to Access
- Right to be Forgotten
- Data Portability
- Privacy by Design
- Data Protection Officers
Get started with a GDPR Gap Analysis
Revamping your privacy program for GDPR can be costly and difficult. Since GDPR is a new regulation, with many areas to be left up to interpretation, it can be beneficial to consult with professionals who specialize in this regulation. SECNAP offers a GDPR Gap Analysis which can help determine if this regulation applies to your organization and is worthy of your budget. Like any other gap analysis, the first step is to understand what the scope of the engagement to then determine which regulation, standard and/or set of requirements apply and then effectively determine where you stand against the requirements.
Privacy Program Design and Implementation
Our compliance professionals can help design and implement privacy program functions, including:
- Data Protection Impact Assessments (DPIAs)
- Privacy by Design Implementation Guides
- Right to Erasure and Data Portability
- Data Subject Rights, Consent, and Opt-In Programs
Understand Data Mapping
Data is dynamic. Understanding how to collect, process, transmit and store data is the foundation of your Data Privacy Program. It is also important to understand how data is used and who uses it in order to take the right steps towards GDPR compliance. Often times the exact data flow of the sensitive data is unclear and not well documented enabling exposure and increased risk of data loss.
Using manual and automated techniques we can gather and document the entire picture in order to:
- Understand the information lifecycle of sensitive information for key processes throughout the business
- Evaluate the strength and effectiveness of controls and safeguards
- Create a master repository of information lifecycle details
- Establish a sensitivity index to focus control enhancements on areas of highest privacy and security risks
- Identify the high-risk vendors, data flows, and IT systems focusing on areas of remediation and maintaining process activities
Still have Questions?
It is likely that you have some unanswered questions regarding GDPR and how it impacts your business. Let’s connect and discuss how SECNAP can assist you in meeting your compliance requirements.