The European Commission has finalised the text of the General Data Protection Regulation (GDPR), which will come into force in 2016. This new legislation is the most dramatic change in privacy and data protection regulation in decades. This regulation was the result of more than four years of deliberations and negotiations and will have an impact on organisations worldwide. The GDPR requires organisations to fundamentally change how they approach data protection.
The requirements on data privacy and information security are increasing globally, which leads to complex compliance specifications. While these issues used to affect only international companies, nowadays medium and even small enterprises as well as the public sector are required to keep an eye on them. As a result, we are here to assist our clients in meeting these increasing demands.
How we can help - our services include, but are not limited to:
- Data Privacy: In this context, we provide clients with thorough data protection assessments, the identification of applicable regulation requirements for their organisation, the development of an understanding of notice, the right to assent to change and disclosure practices, assistance with developing an effective privacy program, as well as the identification and classification of sensitive customer information. Additionally, our service includes developing data access policies, designing data access processes and security controls, establishing a roadmap and scorecard to facilitate ongoing monitoring and continuous improvement of the privacy program, and identifying response protocols and processes for actual breaches.
- Privacy Impact Assessment: We assess our clients' privacy programs for newly implemented IT systems, changes in IT systems, and IT development.
- Identity and Access Management: Our services include logical access controls, monitoring, information disclosure and disposal controls, physical access controls, third-party service providers, data encryption, ISO 27001 assessment, data integrity/change control, transaction and data flow analysis, and dual control procedures.
- Information Security Officer / Data Privacy Officer support: We help our clients with GDPR-related assessment of roles and qualifications and the assessment of outsourcing to service organisations.
- Cloud Computing: We provide clients with cloud maturity, governance, and control as well as security assessments.