GDPR Implementation and Readiness

The General Data Protection Regulation (GDPR), a new law effective May 25, 2018, requires significant changes in the way mobile apps and websites currently operate. The core of the law requires ‘Forget Me’ for end users, which implies relevant user interface changes as well as data encryption in transit and archiving. Apps using AI or machine learning also need changes in the way data can be processed or presented for end users who opt to ‘Restrict Processing My Data’.

Why Is It Important?
  1. Transparency, fairness, and lawfulness in the handling and use of personal data
  2. Minimizing the collection and storage of personal data
  3. Ensuring the accuracy of personal data and enabling it to be erased or rectified
  4. Limiting the storage of personal data
  5. Ensuring security, integrity, and confidentiality of personal data
  6. Expanded jurisdictional reach
  7. Expanded “personal data” definition
  8. “Technical and organizational [security] measures”
  9. Severe penalties (4% of the company's overall turnover or €20M, whichever is greater)

How Can We Help?
  1. Privacy Framework for Governance
  2. Training for DPO (Data Protection Officer)
  3. Data inventory – identify processes and unlawfully held data
  4. Audit & Mapping of Data Flow
  5. Compliance & Technical Gap Analysis
  6. Information Commissioner Notification support
  7. Implementing Personal Information Management System
  8. Privacy Gap / Current State Assessment
  9. Implementation of ISMS as per ISO 27001 Standard
  10. Defining and Creating Incident Response Process
  11. Continuous Monitoring, onsite Consultancy
  12. Vulnerability Assessment & Penetration Testing
  13. Yearly Readiness Audit