GDPR Compliance
Are you looking for GDPR compliance?
1. What is the challenge in starting the process, and how does it affect our organization?
2. Is your company compliant with, and educated on, the General Data Protection Regulation (GDPR) and the EU Data Protection Act (DPA)?
3. Are you aware of the penalties and fines for noncompliance?
Global Management Consulting provides consulting services that guide companies, with a straightforward approach, in creating clear policies and procedures to protect personal data, as well as in the technical and organizational compliance measures required by the General Data Protection Regulation. Companies and organizations need to take measures to reduce the amount of employees' personally identifiable information they store, and to develop a process to identify what this information is and where it resides so that it can be eliminated.
Some basic questions to ask internally:
• Have you developed a data protection plan?
• Are you familiar with the Privacy Impact Assessment?
• What are its elements and criteria, and how is the data secured?
• Have you controlled access to personal data?
• Who oversees the data protection plan, maintaining and regulating it and ensuring it is effective?
• Have you appointed a data protection officer?
• Where is the evidence documented, and how is a data breach communicated and resolved?
The General Data Protection Regulation (GDPR) is a regulation adopted by the European Parliament, the Council of the European Union and the European Commission as part of the Data Protection Reform for the digital era.
The GDPR not only applies to organizations and companies located within the European Union; it also applies to companies globally that offer goods or services to, or monitor the behaviour of, EU data subjects. It covers any company that processes or holds the personal data of data subjects residing in the European Union, regardless of the company’s location.
What is Personal Data? What is considered personal data of a European Union data subject?
• Name;
• Photo;
• Email address;
• Posts from Social Networks- Facebook, LinkedIn;
• Banking info;
• IP Address;
• Medical Records.
Internal Steps to GDPR Compliance
Step 1. Assess data sources to develop a data security protection plan, starting from the common knowledge or perception of where you think personal data is stored. Outline the data landscape with a list of all sources. The key capability to develop is the ability to evaluate all data sources in one view.
Step 2. Identify the personal data categories and criteria, and search your different data sources to extract personal data items such as names, emails, social security numbers, etc. Do you have tools for data extraction?
Step 3. Govern – How is personal data understood and communicated throughout your organization? Develop controls related to data protection and a communication plan defining roles and definitions, and how employees receive this information.
Step 4. Protect – Outline a process including forecasting, querying and reporting. To protect personal data under your governance model, remove personally identifiable information from data where possible, replace personally identifiable information in data, and use encryption, which encodes personally identifiable information, including in training data.
Step 5. Audit – A vital element of GDPR is auditing. At this stage, the regulator will ask you to prove that you do some of the following:
• Know what personal data you have and where it’s located, across your data landscape;
• Manage the process for obtaining permission from the individuals involved;
• Track and document how personal data is used, who uses it, and for what purpose;
• Have the appropriate processes in place to manage the right to be forgotten, data breach notifications and more.
Implementing the GDPR will affect your entire organization. You’ll need to go back to the drawing board and rethink how personal data is handled from the source to the point of consumption. You’ll also need to consider how your data management and data governance frameworks will support GDPR requirements.
GDPR Consulting Services
Global Management Consulting has extensive experience in consulting, educating and training organizations, and provides GDPR consulting services for a clear path to compliance. Our consultants evaluate your current state of GDPR compliance and develop a road map and schedule for building a data compliance framework. Our consultants develop an ISO/IEC 27001:2013 information security management process and incorporate GDPR compliance into it.
• Gap analysis/audit of data flows;
• Development of a Data Protection Impact Assessment (DPIA) (to mitigate the risks of new processes);
• Remediation of identified gaps and GDPR transition services;
• Data protection frameworks;
• Policies and procedures;
• Data processor management;
• Information security;
• Incident management;
• International data transfers;
• Compliance documentation;
• Training of personnel/employees (so that they understand their responsibilities and guidelines under GDPR);
• Data Protection Officer (DPO) Role/Requirements.