Is your organisation ready for GDPR?
A GDPR Readiness Assessment is designed to provide a starting point for a GDPR compliance programme. Our established, tried and tested Readiness Assessment methodology is based on the GDPR, PECR and cybersecurity best practice. The modular methodology allows us to tailor the questions to the specific business context, sector and industry in which the organisation operates. An additional risk-based assessment ensures that non-GDPR-related risks are also captured and presented in the Readiness Assessment Report, which includes:
- Maturity Assessment
- Gaps (if any) that have been identified
- Recommendations for gap remediation
- Top 5 Risks to the organisation
- Top 5 Quick Wins that have been identified
- Top 5 Work Streams to progress with
The time and effort taken for the GDPR Readiness Assessment are dependent on the scope of the assessment. The scope is decided at the outset by one of our GDPR Practitioners working with the client to understand the client’s organisation and operations.
Call us on 07960 387876 or contact us about our GDPR Readiness Assessment.
DPO as a Service
Not all organisations need, or can afford, to employ a DPO, and may instead want to hire the services of our Virtual Data Protection Officer. The Virtual DPO will be your DPO, on call when and if you need the DPO service. This can be as simple as advising on how to interpret the GDPR, providing training, dealing with incidents, dealing with the ICO or another supervisory authority on your behalf, or simply being a point of presence for you.
We are often asked whether a DPO is needed. A DPO is mandatory in three situations:
- Where the processing is carried out by a public body;
- Where core activities require regular and systematic monitoring of personal data on a large scale;
- Where core activities involve large-scale processing of sensitive personal data.
Data Privacy Impact Assessment
The GDPR rightly puts the interests of the Data Subject at the heart of the regulation. A Data Privacy Impact Assessment, or DPIA, is the process of assessing the impact on the privacy of the subject whose data is being processed. The objective is to understand what adverse impact the processing of the data will have on the Data Subject. This will need to be carried out as part of an integrated process for all projects and programmes. Having worked in the public sector, our consultants have years of experience of carrying out Privacy Impact Assessments and can help organisations in this area.
Security Architecture and Design
We have TOGAF-certified security architects with experience of leading and working on large and complex technology projects. We can provide expertise in the areas of system and network security, integration, identity and access management, and product and supplier selection, including:
- High Level Security Design
- Low level security design
- Secure coding and lifecycle
- System and data classification
- Codes of connection
- Security strategy and road-maps
- Design and collateral reviews against security standards and frameworks
ISO27001 ISMS implementation
We have many years' experience of implementing and supporting ISO27001 Information Security Management Systems (ISMS): from initial policy writing, working with senior management to gain buy-in, formulating the scope, asset identification, gap analysis, risk assessment and risk treatment, and carrying out internal audits, through to engaging and working with external certifying bodies.
Personal Data Mapping
With less than 18 months until the regulation is rolled out across the EU, the first crucial step is to map not only where your data is currently being stored but also what types of data you hold. Undertaking a comprehensive data audit will help you ascertain which pieces of information need to be protected under the GDPR and which fall outside its scope. More importantly, you will need to identify:
- Do you have the proper consent to use this data?
- Is the data being used for the purpose it was collected?
- Who processes this data?
- Where is this data held?
- Who owns and is responsible for the data?
- Is the data appropriately protected?
- Can this data be ported?
- How long does this data need to be retained?
Auditing and Assessment Services
Your supply chain may be your weakest link. Do you know what your suppliers are doing with your data? Our Audit and Assessment Services can give you this assurance. Many organisations have been compromised by attackers exploiting weaknesses in their suppliers. Often a small supplier with little or no security protection or expertise is in possession of your critical data.
You need to be assured that they are affording your data the same level of protection that you would expect. This is even more crucial for suppliers who have direct access to your systems, as attackers can exploit vulnerabilities in their systems to attack yours.
Please get in touch to find out more.