Recognize “PII” Data
- Processed lawfully and fairly
- Collected for legitimate purposes
- Adequate and limited to what is necessary
Effective May 25th, 2018, the European Union General Data Protection Regulation (GDPR) has been enforced to provide greater protection for the personal data of European consumers. The legislation enacts strong consumer protection laws, and companies who are not in compliance could face millions of dollars/euros in fines. GDPR is an opportunity to develop confidence and trust with your clients while meeting regulatory obligations.
9000
~ DPO’s Required To
Meet GDPR Requirements
52%
Organizations Subject To
Cybersecurity GDPR Legislation
72 Hours
Allowed To Report
Cybersecurity Incident
Overview
The GDPR enshrines within its regulations the most recent data protection principles, general tightening of regulations concerning the handling of personally identifiable information (PII), including but not limited to:
- the right to opt in to communications
- a ‘right to be forgotten’
- a right to receive a detailed data report on themselves
The regulations affects technical data management, digital marketing, and communication functions, that is those who use the data in the organization. GDPR regulation will forever change the way personal data will be viewed. Enterprises will be custodians of data stored, vs the owners. GDPR challenges are far-reaching, diverse, and applies to current, legacy, and new data as it’s collected and stored.
Services
Through comprehensive Cybersecurity risk management processes, our GDPR readiness program, provides an seamless process aligning to GDPR Cybersecurity obligations.
From developing a consistent methodology to implementing processes, controls and managing ongoing compliance, our data privacy expertise supports all phases of the requirements across all business sectors. We review the top GDPR Cybersecurity provisions affecting your organization and support throughout the entire remediation process.
- What types of GDPR data is being processed by your organization?
- Where does the GDPR data reside?
- Who has access to GDPR data?
- How is GDPR data being protected?
- What are your documented due diligence processes to protect GDPR Data?
- How have you prioritize GDPR data protection against your other threats?
GDPR PROGRAM FRAMWORK
Assess
- Privacy & Risk
- Governance Model
- People & Process
- Data Security
- Identify Data
- Classify Data
- Develop Road-Map
Build
- Processes & Tools
- GDPR Training
- Standards & Policies
- Privacy By Design
- Security By Design
- Detailed Data Discovery
- Data Governance
Execute
- Business Processes
- Monitor Security
- Consistent Privacy
- Manage Consent
- Technical Measures
- Manage DSR Consent
- Begin GDPR Readiness
Govern
- Documented Governance
- Monitor & Assess
- Audit & Report
- Continuous Monitoring
- Evaluate Adherence
- Compliance Evidence
- Executive Communication
Expertise
Certified Information Privacy Technologist
CIPT’s have the expertise to develop strategies, policies, processes and techniques to manage cybersecurity risks while enabling prudent data use for business purposes.
Certified Information Privacy Manager
CIPM’s have deep knowledge of creating a structured data protection team, develop and implement system frameworks, communicate to stakeholders, and measure performance.
Certified Information Privacy Professional
CIPP’s have comprehensive knowledge of data privacy jurisdictional laws, regulations and enforcement models with the legal requirements for handling and transferring data.
Certified Information Privacy Professional / Europe
CIPP/E‘s are DPO’s with expert GDPR knowledge to ensure compliance and data protection success in Europe with responsibilities to manage compliance, and conducting internal audits.
Deliverables
Data Access
Governed policies on who has access to structured and unstructured data. Privileged and least privileged identity governance and technologies are critical components of this phase.
Data Handling
Develop a comprehensive and tested incident response plan aligned to GDPR obligations Article 33 to notify affected identities within 72 hours of becoming aware of PII data breach.
Data Protection
Develop a resilient Cybermaturity program protecting critical data, identities and the protection of sensitive information by leveraging both controls from a policy and advanced technologies.
Data Classification
Data classification including loss prevention policies development to ensure alignment to classification schemes, identify the location of databases and what type of information stored.
Data Governance
A detailed workshop with key stakeholders detailing your organisation’s current level of compliance with the GDPR regulation, identify and prioritize the key work areas.
Data Discovery
A thorough audit of your personal data, data-flow map identifying where data resides, who ‘owns’ the data, who has access to the data and with whom the data is shared.
GDPR Advisory Services
GDPR Readiness & Gap Analysis
A detailed workshop with key stakeholders detailing your organisation’s current level of compliance with the GDPR regulation, identify and prioritize the key work areas that your organisation must address to align to GDPR Requirements. The assessment will consist of the following phases:
- On-site review of Data protection governance
- Risk management, GDPR project resourcing
- Data Protection Officer (DPO)
- Roles and responsibilities
- Scope of compliance
- Personal data processes
- Personal Information Management System (PIMS)
- Information Security Management System (ISMS)
- Rights of data subjects and GDPR compliance report
GDPR Data Inventory
A thorough audit of your personal data and a data-flow map identifying where data resides and how it flows inside and outside your organization, including but not limited to the type of data being held, who ‘owns’ the data, who has access to the data and with whom the data is shared.
DPIA Assessment
The Data Protection Impact Assessment (DPIA) is a detailed assessment of the data protection risks related to your organization’s process and a remediation plan to mitigate future GDRP risks and fines. The in-depth gap analysis and remediation planning will identify the steps your organization needs to take to become compliant. Forecight will also develop a tailored plan to help your organization to complete this process.
Data Protection Program
The Data Protection Program provides a dedicated senior GDPR consultant to support your organization in implementing a sustainable GDPR program to manage and enable GDPR legislation obligations.
DPO As A Service
Dedicated ongoing cybersecurity expert consultant to support your organization by providing expert advice on your GDPR obligations, industry best practices and to supervise GDPR mandatory requirements throughout your organization.
