GDPR Compliance


Is your organization looking to start the process of GDPR compliance? Core Compliance provides consulting services that guide companies to General Data Protection Regulation compliance. We start with a 5-step gap analysis of your organization.

Companies and organizations need to take measures to reduce the amount of employees' personally identifiable information they store, and to develop a process to eliminate it, covering what this information is and where it resides.

  1. What is GDPR (General Data Protection Regulation)?
  2. What are the challenges to start the process?
  3. How does this affect our organization?
  4. Is your company educated on the General Data Protection Regulation (GDPR), the Data Protection Reform for the digital era by the Council of the European Union and the European Commission?
  5. What is the EU Data Protection Act (DPA)?
  6. Are you aware of the penalties and fines for non-compliance, and of the deadline?

GDPR internal assessment


  • Have you developed a data protection plan?
  • Are you familiar with Privacy Impact Assessments?
  • What are the elements, and criteria and how is it secured?
  • Have you controlled access to personal data?
  • Who oversees the data protection plan, maintaining, regulating and ensuring it is effective?
  • Have you appointed a data protection officer?
  • Where is the evidence documented, and how is a data breach communicated and resolved?

The GDPR applies not only to organizations and companies located within the European Union, but also to companies in the United States and globally that offer goods or services to, or monitor the behavior of, EU data subjects. It applies to any company that processes and holds the personal data of data subjects residing in the European Union, regardless of the company's location.

GDPR Deadline for Compliance


Core Compliance provides a clear road map to meet the GDPR Deadline for Compliance. We evaluate your current systems and ensure compliance within your timeline and budget. This regulation will take effect after a two-year transition period and will be in force in May 2018. The EU General Data Protection Regulation (GDPR) was designed to merge and harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy, and to reshape the way organizations across the region approach data privacy, including companies that employ European citizens worldwide.

Penalties for non-compliance to GDPR:

Companies must adapt their data handling, information security, compliance processes and contractual relationships by 25 May 2018. They can and will be fined up to 4% of annual global turnover, and up to 20 million, for non-compliance with GDPR. Non-compliance issues include not having sufficient customer consent to process data or violating the core Privacy by Design concepts.

What is Personal Data?

GDPR Requirements

GDPR Policies Procedures

GDPR Implementation Plan

Steps to GDPR Compliance


GDPR Steps to Compliance

Step 1- Access data sources to develop a data security protection plan, starting from the common knowledge or perception of where you think personal data is stored. Outline the data landscape with a list of all sources. The key capability to develop is the ability to evaluate all data sources in one view.

Step 2- Identify the personal data criteria categories and search your different data sources, to extract personal data items such as names, emails, social security numbers, etc. Do you have tools for data extraction?

Step 3- Govern- How is personal data understood, and communicated throughout your organization? Develop controls related to data protection and a communication plan defining roles & definitions with how employees are receiving

Step 4- Protect- Outline a process including forecasting, querying and reporting. To protect personal data under your governance model, remove personally identifiable information from data, replace personally identifiable information in data, and apply encryption, which encodes personally identifiable information in data.

Step 5- Audit- A vital element of GDPR is auditing. At this stage, the regulator will ask you to prove that you do some of the following:

  • Know what personal data you have and where it’s located, across your data landscape.
  • Manage the process for getting permission from the individuals who are involved.
  • Track and document how personal data is used, who uses it, and for what purpose.
  • Have the appropriate processes in place to manage the right to be forgotten, data breach notifications and more.

Implementing the GDPR will affect your entire organization. You’ll need to go back to the drawing board and rethink how personal data is handled from the source to the point of consumption. You’ll also need to consider how your data management and data governance frameworks will support GDPR requirements.

GDPR Consulting Services


Core Compliance has extensive experience in consulting, educating and training organizations, and provides GDPR consulting services for a clear path to compliance. Our consultants evaluate your current state of GDPR compliance and develop a road map and schedule for building a data compliance framework. Our consultants develop an ISO/IEC 27001:2013 information security management process and incorporate GDPR compliance.

Road-map to Compliance


  • Gap Analysis/Audit of Data Flow
  • Develop a Data Protection Impact Assessment (DPIA) (mitigate risks of new processes)
  • Implementation of gaps to GDPR transition services
    • Data protection frameworks
    • Policies and procedures
    • Data processor management
    • Information security
    • Incident management
    • International data transfers
    • Compliance documentation
  • Training of Personnel/Employees (understand their responsibilities and guidelines for GDPR)
  • Data Protection Officer (DPO) Role/Requirements

ISO Standards