Strengthening the protection
The General Data Protection Regulation (GDPR), a set of consumer data privacy regulations that applies common guidelines to companies across the EU, poses a looming issue for any business and government authority. The Regulation will be enforced on 25 May 2018 and it will demand new requirements for all businesses in terms of working with personal data, adjustment of IT systems and data processing.
Squalio provides a wide range of services and solutions helping you understand the scope in which GDPR affects your organisation and, most importantly, meet the Regulation’s vast requirements. Squalio GDPR Compliance Assessment is the first step towards GDPR compliance that identifies legal and IT security gaps in existing systems and processes.
GDPR assessment process
assessment can be made in cooperation with a legal office or
carried out as a standalone activity
legal compliance
Assessment and provision of legal compliance is performed in three stages:
STAGE I – ASSESSMENT
High-level mapping of the situation and data flows
We gather the first input via interviews with key personnel and organising seminars the involved persons. We precisely ascertain: what kind of personal data and for what purpose are processed? Which means (systems) are used for that?
STAGE II – ANALYSIS
Gap analysis and recommendations
We verify whether there is a relevant and valid legal basis for processing personal data. We assess and identify areas where a business needs to implement legal or organisational measures to comply with the requirements of the Regulation. We provide assessment of risks associated with non-compliance and recommend what measures the company should implement.
STAGE III – IMPLEMENTATION
Implementation of legal or organisational measures
Depends on the Assessment, and may be done by the customer themselves with our assistance. Typical implementation measures may include: employee training; creating a registry of processing personal data where the company is in the role of a data controller or a data processor. Preparing or updating policies of data processing, internal guidelines/codes of conduct, processes and rules of the Regulation, contract templates with customers.
IT compliance
Assessment and provision of technical compliance is performed in two stages:
STAGE I – ASSESSMENT
IT security/personal data leakage risk assessment; non-compliance with the Regulation
The necessary information is obtained by interviewing IT management, the security manager and other involved employees, as well as by performing software and hardware audit with specialised scanning means and methodology.
At the conclusion of this stage, the customer receives: a report on Information Systems, security/personal data leakage risks and the Regulation compliance assessment with the identification of risks and compliance issues; a report with IT solution implementation and improvement recommendations (arranged according to the priorities) to mitigate identified risks and compliance issues; a calculation of costs for purchasing, implementing and supporting IT solutions (including company employee involvement assessment).
STAGE II – IMPLEMENTATION
This stage enhances and/or implements new IT solutions
For example, mechanisms for the control of access and rights, tools for the identification of attacks and data leakages, detailed auditing, data classification and labelling solutions, and other security controls for mitigating risks of personal data leakage. We provide IT solution support in the entire solution life cycle, regular solution updates and maintenance, cooperation with the IT manager and the DPO to maintain GDPR technical compliance, all the while providing employee training.