The European Union’s General Data Protection Regulation (GDPR) is a new set of laws that dramatically affect data privacy practices globally. Any organization that processes or controls any data pertaining to EU citizens must be in compliance with the new regulation in order to avoid facing steep penalties.
Organizations will therefore need to assess key security components and processes, such as data breach detection and notification, data controller and data processing procedures, and training, to ensure they meet the mandates of the GDPR. The “right to personal data” and “right to be forgotten” are additional measures that organizations must adhere to. Fortunately, Sage Solutions Consulting (SSC) can help to ensure the security of Personally Identifiable Information (PII) stored in your systems.
To ensure GDPR compliance, Sage Solutions Consulting will:
ASSESS AND AUDIT: Sage Solutions Consulting will identify where personal data is stored by conducting an independent review and audit of your existing GDPR program and related practices to identify potential areas of improvement and ongoing compliance.
DATA ACCESS: Determine who can access this data (users, roles, groups), develop a GDPR-specific personal data map, and inventory personal data across the enterprise, including where it flows internally and externally in the organisation. This defines a standardized process to review and efficiently handle Data Subject requests, including defining roles and responsibilities for internal and external stakeholders. This enables efficient data mapping, identification and searching across diverse data sources.
IMPACT ASSESSMENT: Detect misconfigurations and vulnerabilities that may allow unauthorized data access under the GDPR. Additionally, define and classify data to identify redundant, old or trivial (ROT) data appropriate for remediation, and decommission applications.
PRIVACY BY DESIGN: Assess risks for specific areas, systems or projects, update system provisioning processes, policies, procedures, roles, and technical standards, and review and align with an Enterprise Risk Framework.
DATA BREACH PREPAREDNESS AND RESPONSE: Develop and implement incident response preparedness, response and notification plans to help companies meet the 72-hour breach notification requirements.
CHANGE MANAGEMENT: Develop a GDPR awareness campaign and multi-channel, stakeholder-specific training materials for employees, HR, IT, Customer Support, Marketing, and other key stakeholder areas. Ensure client-specific drivers are fully reflected in messaging and training.
FUTURE-PROOF: Ensure a system and framework are in place to monitor the security of your data and systems. Provide privacy subject matter expertise and assist with the implementation of GDPR-enabling technology.
With the help of our proprietary tool set and our experienced professional services, Sage Solutions Consulting (SSC) will ensure your compliance with the GDPR by identifying and eliminating all potential risks.
Contact us today to get started. We speak fluent GDPR.