The EU General Data Protection Regulation (GDPR) will be enforced from 25 May 2018 and will not be affected by the UK's decision to leave the EU. We have a long history of advising organizations on how to ensure they meet information handling requirements, whether these are statutory (DPA), compliance (PCI), regulatory (FCA) or government (HMG) requirements.
We have tailored a service that reviews your organization's preparedness for GDPR, based on our experience to date and our understanding of the regulation.
The WHY Secure GDPR Service:
GDPR requires board-level awareness and recognition of both legal and financial responsibilities. A comprehensive risk register and detailed accountability framework are also fundamental requirements.
Our review will look for evidence of compliance to a recognized standard (such as ISO 27001 or Cyber Essentials Plus), as well as appropriate policies, data protection officer requirements, privacy impact assessments, incident response and breach reporting.
The process includes an initial review of existing controls, with appropriate interviews and evidence collected, and then an assessment against the requirements of GDPR to produce a gap analysis report. This report then forms the foundation for a risk treatment plan.
The report should include:
An overview of the findings, including a graphical representation of the customer's current security and data protection posture.
Gap Analysis Summary
A representation of each control so that customers can prioritize remediation.
Red, Amber, Green (RAG) Gap Analysis
This spreadsheet can be turned into a risk treatment plan. This section may also provide further advice or recommended activities that we feel are necessary.