Recognize “PII” Data
The GDPR enshrines the most recent data protection principles and a general tightening of regulations concerning the handling of personally identifiable information (PII), including but not limited to data being:
- Processed lawfully and fairly
- Collected for legitimate purposes
- Adequate and limited to what is necessary
The regulation affects technical data management, digital marketing, and communication functions, that is, those who use the data in the organization. GDPR will forever change the way personal data is viewed. Enterprises will be custodians of stored data rather than its owners. GDPR challenges are far-reaching and diverse, and apply to current, legacy, and new data as it is collected and stored.
Through comprehensive Cybersecurity risk management processes, our GDPR readiness program provides a seamless process aligning to GDPR Cybersecurity obligations.
From developing a consistent methodology to implementing processes, controls and managing ongoing compliance, our data privacy expertise supports all phases of the requirements across all business sectors. We review the top GDPR Cybersecurity provisions affecting your organization and support you throughout the entire remediation process.
Certified Information Privacy Technologist
CIPTs have the expertise to develop strategies, policies, processes and techniques to manage cybersecurity risks while enabling prudent data use for business purposes.
Certified Information Privacy Manager
CIPMs have deep knowledge of creating a structured data protection team, developing and implementing system frameworks, communicating to stakeholders, and measuring performance.
Certified Information Privacy Professional
CIPPs have comprehensive knowledge of data privacy jurisdictional laws, regulations and enforcement models, along with the legal requirements for handling and transferring data.
Certified Information Privacy Professional / Europe
CIPP/Es are DPOs with expert GDPR knowledge to ensure compliance and data protection success in Europe, with responsibilities to manage compliance and conduct internal audits.
Governed policies on who has access to structured and unstructured data. Privileged and least privileged identity governance and technologies are critical components of this phase.
Develop a comprehensive and tested incident response plan aligned to the GDPR Article 33 obligation to notify affected identities within 72 hours of becoming aware of a PII data breach.
Develop a resilient Cybermaturity program protecting critical data, identities and sensitive information by leveraging both policy controls and advanced technologies.
Data classification, including development of loss prevention policies to ensure alignment to classification schemes, and identification of the location of databases and the type of information stored.
A detailed workshop with key stakeholders detailing your organisation’s current level of compliance with the GDPR regulation, identifying and prioritizing the key work areas.
A thorough audit of your personal data and a data-flow map identifying where data resides, who ‘owns’ the data, who has access to the data and with whom the data is shared.
GDPR Readiness & Gap Analysis
A detailed workshop with key stakeholders detailing your organisation’s current level of compliance with the GDPR regulation, identifying and prioritizing the key work areas that your organisation must address to align to GDPR requirements. The assessment will consist of the following phases:
GDPR Data Inventory
A thorough audit of your personal data and a data-flow map identifying where data resides and how it flows inside and outside your organization, including but not limited to the type of data being held, who ‘owns’ the data, who has access to the data and with whom the data is shared.
DPIA Assessment
The Data Protection Impact Assessment (DPIA) is a detailed assessment of the data protection risks related to your organization’s process and a remediation plan to mitigate future GDPR risks and fines. The in-depth gap analysis and remediation planning will identify the steps your organization needs to take to become compliant. Forecight will also develop a tailored plan to help your organization complete this process.
Data Protection Program
The Data Protection Program provides a dedicated senior GDPR consultant to support your organization in implementing a sustainable GDPR program to manage and enable GDPR legislation obligations.
DPO As A Service
A dedicated, ongoing cybersecurity expert consultant to support your organization by providing expert advice on your GDPR obligations and industry best practices, and to supervise GDPR mandatory requirements throughout your organization.