What is the GDPR?

“Europe’s new data privacy and security law includes hundreds of pages’ worth of new requirements for organizations around the world. It’s the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.”

Our role is to enable organizations to manage the risk borne by this regulation and help shield them from possible exposure. Through our security services we guide organizations to create simple, clear processes for managing privacy, to protect their data, and to manage the exposure inherent in the vast amount of data collected and handled daily.

GDPR Privacy Program Development

Design and implement the processes needed to comply with Europe’s General Data Protection Regulation. Our team can review and update policies, processes, and procedures to meet GDPR requirements, train employees, conduct data privacy impact assessments (DPIAs) for high-risk processes and activities, customize privacy notices, draft marketing practices, and even serve as your Data Protection Officer.

Data Protection Officer as a service

Pursuant to GDPR Article 37, the DPO duties may be fulfilled on the basis of a service contract. This is the most cost-effective solution, as your organization gets an experienced and highly qualified specialist who can quickly advise on GDPR matters and monitor compliance with the GDPR.

Through our DPO service, we deliver tailored data protection support, advice, and expertise to your organization. Our DPO will work with your organization’s relevant personnel (on-site or remotely), as a member of the team, to understand your current processes and to offer the DPO service to the highest standards.

Privacy Gap Analysis

A gap analysis helps your organization identify and understand the differences between its current and desired state. The three (3) components of a gap analysis are the current state, the desired state, and the gap between the two.

The privacy gap analysis service will help your organization identify the gaps between the requirements of the regulation and the processes currently in place within your organization. A privacy gap analysis allows your organization to proactively identify privacy and data protection risks and to work on strategies that close the gaps and minimize the risk.

Data subjects' rights Procedures

The GDPR and other privacy regulations give new rights to data subjects (e.g. customers, employees). Some of these rights are the right of access, the right to rectification, the right to erasure (‘right to be forgotten’), and the right to restriction of processing. Each organization needs to have appropriate procedures in place to answer such requests adequately and within the required timeframes.

The data subjects’ rights procedures service will help your organization create the appropriate procedures and processes to comply with the requirements of the regulation. Our team will work with your organization’s relevant personnel to collect all the information needed to draft the procedures. Additionally, our team will review the related section of the Privacy Policy to ensure that all the information the data subjects need is included (e.g. contact information, how to exercise their rights).

Deliverables:

  • Document with the procedures (description and flows)
  • Training of the responsible personnel in regard to the processes
  • Document with comments regarding the Privacy Policy (data subject rights section only)

Privacy awareness training

Training employees on privacy regulations is important for two main reasons. First is the regulatory requirement that employees involved in processing operations must be trained; second is the risk your organization faces if employees are not trained (e.g. an employee who is not informed about data subject rights).

The training will be tailored to the needs of your organization and designed to broaden your employees’ understanding of data privacy and the related rights and responsibilities.

Indicative topics

  • Definitions
  • What is PII and Sensitive PII
  • Complying with data privacy laws
  • Recognizing personally identifiable information (PII)
  • Keeping passwords secret
  • Reporting a data breach
  • Interactive exercises and case studies
  • Basic cyber hygiene training (phishing emails, passwords)

Review and evaluate existing documentation and/or processes

Most organizations are required to maintain a record of their processing activities, processing purposes, data sharing, retention periods, etc. Our team will review existing documentation such as policies, the record of processing activities (ROPA), retention periods, DPIAs, and privacy procedures in order to ensure compliance with the privacy regulations. The purpose is to identify any possible gaps and make suggestions for improving the documentation.

Provide guidance for Privacy by Design & Privacy by Default

Organizations must implement technical and organizational measures at the earliest stages of designing new implementations or new business processes that involve PII, in such a way that privacy and data protection principles are safeguarded from the design phase onward. By default, organizations should ensure that personal data is processed with the highest level of privacy protection, so that personal data is not made accessible to an indefinite number of persons without the individual’s intervention.

Our team will examine the requirements of the new implementation and its technical specifications to define the privacy requirements from the design stage: for example, ensuring that only the necessary data is processed, that an appropriate storage period is set, and that access is limited.