GDPR aims to protect European citizen personal information. After understanding your business that includes your products, services and processes, we take you through a successful journey of successful GDPR compliance.
What is GDPR?
GDPR is aimed at protecting personal information, as an extension of an individual fundamental 'right to privacy'.
Inability to comply with GDPR can result in serious implication that includes fines between Euro 10 Million to Euro 20 Million or 4% of the global annual sales. . Besides the penalty, just imagine the impact on your brand, image and reputation.
This phase involves identification of information sources, and is processing infrastructure that involves personnel, technology, physical infrastructure.
Privacy impact assessment helps answer fundamental questions such as ‘what is the impact on the individual (data subject) upon a breach? Security risk assessment helps answer the questions, - ‘how did this breach occur in the light of present set of security controls?’
With several years of experience in this, we help answer both these questions as well detail recommendation in the context of your products, services and processes, that encompass legal, technical, physical, personal and procedural controls. Identified gaps are provided with detail recommendations.
This phase involves our methodology that involves distribution security responsibility to internal stakeholders, with controls policies and transactions that ensure GDPR is well embedded in the organisation processes. This phase results in rolling out 20+ policies and procedures to ensure that these processes are designed and would remain effective for future initiatives. This also includes nomination of a data protection officer and creating data protection office, for the organisation.
This phase involves tracking the client risks, and documentation on a weekly basis till all internal controls are adequately implemented. We use live project management tools to ensure client has a visibility of the status of their applicable requirements, risks, and policies and procedures.
This phase involves showcasing client with changes in a given period by providing change specific score of compliance between 0 -100% compliance.
This phase involves verifying the governance system created for the organisation is well in place and ready to declare as GDPR compliant.
At this stage the client has implemented the governance system in completeness.