GDPR READINESS

Accelerate Data Privacy & Security

Achieve GDPR Readiness.

Protect Data. Ensure Compliance.

Since May 25th, 2018, the European Union General Data Protection Regulation (GDPR) has been enforced to provide greater protection for the personal data of European consumers. The legislation enacts strong consumer protection laws, and companies that are not in compliance could face millions of dollars/euros in fines. GDPR is an opportunity to develop confidence and trust with your clients while meeting regulatory obligations.

~9000

DPOs Required To
Meet GDPR Requirements

52%

Organizations Subject To
Cybersecurity GDPR Legislation

72 Hours

Allowed To Report
Cybersecurity Incident

Overview

The GDPR enshrines within its regulations the most recent data protection principles and a general tightening of regulations concerning the handling of personally identifiable information (PII), including but not limited to:

  • the right to opt in to communications
  • a ‘right to be forgotten’
  • a right to receive a detailed data report on themselves

The regulation affects technical data management, digital marketing, and communication functions, that is, those who use the data in the organization. GDPR will forever change the way personal data is viewed. Enterprises will be custodians of the data they store rather than its owners. GDPR challenges are far-reaching and diverse, and apply to current, legacy, and new data as it is collected and stored.

  • Recognize “PII” Data

    • Processed lawfully and fairly
    • Collected for legitimate purposes
    • Adequate and limited to what is necessary
  • Manage “PII” Data

    • Accurate and, where necessary, kept up to date
    • Kept for no longer than is necessary
  • Protect “PII” Data

    • Processed securely
    • Stored securely
    • Actively monitored

Services

Through comprehensive Cybersecurity risk management processes, our GDPR readiness program provides a seamless process aligned to GDPR Cybersecurity obligations.

From developing a consistent methodology to implementing processes and controls and managing ongoing compliance, our data privacy expertise supports all phases of the requirements across all business sectors. We review the top GDPR Cybersecurity provisions affecting your organization and support you throughout the entire remediation process.

  • What types of GDPR data are being processed by your organization?
  • Where does the GDPR data reside?
  • Who has access to GDPR data?
  • How is GDPR data being protected?
  • What are your documented due diligence processes to protect GDPR Data?
  • How have you prioritized GDPR data protection against your other threats?

CERTIFIED PRIVACY SPECIALISTS


CIPP / C.

Recognized standard for expertise in Canadian privacy laws, regulations, and frameworks.


CIPM.

Industry certification for professionals managing operational privacy programs and compliance.


CIPP / E.

Leading certification for mastery of European privacy laws and GDPR requirements.


CIPP / US.

Credential for professionals specializing in U.S. privacy laws and data protection frameworks.


CIPT / Global.

Global certification validating technical proficiency in integrating privacy across the organization.

Deliverables

Data Access

Governed policies on who has access to structured and unstructured data. Privileged and least privileged identity governance and technologies are critical components of this phase.

Data Handling

Develop a comprehensive and tested incident response plan aligned to the GDPR Article 33 obligation to notify affected identities within 72 hours of becoming aware of a PII data breach.

Data Protection

Develop a resilient Cybermaturity program that protects critical data, identities and sensitive information by leveraging both policy controls and advanced technologies.

Data Classification

Data classification, including the development of loss prevention policies, to ensure alignment to classification schemes and to identify the location of databases and what type of information is stored.

Data Governance

A detailed workshop with key stakeholders detailing your organisation’s current level of compliance with the GDPR regulation, and identifying and prioritizing the key work areas.

Data Discovery

A thorough audit of your personal data and a data-flow map identifying where data resides, who ‘owns’ the data, who has access to the data and with whom the data is shared.

GDPR Advisory Services

A detailed workshop with key stakeholders detailing your organisation’s current level of compliance with the GDPR regulation, and identifying and prioritizing the key work areas that your organisation must address to align to GDPR requirements. The assessment will consist of the following phases:

  • On-site review of Data protection governance
  • Risk management, GDPR project resourcing
  • Data Protection Officer (DPO)
  • Roles and responsibilities
  • Scope of compliance
  • Personal data processes
  • Personal Information Management System (PIMS)
  • Information Security Management System (ISMS)
  • Rights of data subjects and GDPR compliance report

A thorough audit of your personal data and a data-flow map identifying where data resides and how it flows inside and outside your organization, including but not limited to the type of data being held, who ‘owns’ the data, who has access to the data and with whom the data is shared.

The Data Protection Impact Assessment (DPIA) is a detailed assessment of the data protection risks related to your organization’s process and a remediation plan to mitigate future GDPR risks and fines. The in-depth gap analysis and remediation planning will identify the steps your organization needs to take to become compliant. Forecight will also develop a tailored plan to help your organization complete this process.

The Data Protection Program provides a dedicated senior GDPR consultant to support your organization in implementing a sustainable GDPR program to manage and enable GDPR legislation obligations.

A dedicated, ongoing cybersecurity expert consultant supports your organization by providing expert advice on your GDPR obligations and industry best practices, and by supervising GDPR mandatory requirements throughout your organization.

Related Advisory Services

Contact us to review how GDPR Cybersecurity provisions apply to your organization.