The General Data Protection Regulation (GDPR) was enacted by the EU Commission to protect the rights and freedoms of EU persons from damages caused by the processing of their data.
- Applies to all businesses (EU and non-EU) that collect, store, transfer, or process data on EU natural persons.
- Requires informed consent by the data subject for the collection and processing of personal data, as well as the ability of the data subject to have their data corrected, returned to them and to be forgotten.
- Will regulate how businesses proactively manage risks when developing a service or process using Privacy by Design concepts, by minimizing personal data collection, securing data and requiring notification of data breaches.
The GDPR becomes effective May 25, 2018.
Failure to comply with the regulation will result in a €20 million fine or 4% of annual global turnover, whichever is greater.
“GDPR applies to anyone, any company in the world, who receives data from the EU. You could be a company with offices in Europe that’s sharing internal data, or you take data from a client based in Europe, or you could just have a customer who’s there.”
– Ira Goldstein, SVP of Technical Operations at Herjavec Group
Why Herjavec Group?
- We offer a hands-on, flexible approach, tailored to meet your organization’s uniqueness and requirements.
- We are a global organization with expert knowledge of multinational regulations and industry directives.
- From identity and access management to incident response, we have expertise and leadership in comprehensive security services to support your complete IT Security lifecycle.
- We bring decades of assessment experience and a keen understanding of specific technologies deployed in your environment.
As a global cybersecurity services expert, with knowledge of US, CDN and UK regulations & government directives, Herjavec Group can support the development of your organization’s Privacy Framework, including GDPR readiness, through a variety of consulting services:
Privacy Program & GDPR Readiness Assessment
- Current state review of existing data protection governance, practices and controls, referencing local, sectoral and global legislations with a focus on GDPR compliance
Final Deliverable: (i) Executive Summary (ii) Assessment Report and Action Plan with recommendations to address identified gaps
Data Protection & Privacy Impact Assessment
- GDPR strongly recommends that a DPIA or PIA be carried out for existing business services before May 2018
- Evaluation of business service or process that involves collecting, processing, storing or disseminating personal information
Final Deliverable: (i) Risk Assessment (ii) Summarized external stakeholder, controller and legislative feedback (iii) Report with risk prioritization, agreed-upon remediation efforts and defined timelines
Data Identification & Inventory Discovery Workshops
- Two-day workshops for developing a record of processing activities and a data inventory snapshot required for GDPR compliance efforts
- Involves Business Process Scoping and Technical Validation/Systems Testing
Final Deliverable: (i) Workbook with inventory of data processing services identified (ii) Listing of sensitive data (iii) Archive of supporting information and (iv) Summarizing memo highlighting workshop completeness and associated risks
Following the initial GDPR assessment, which addresses immediate and organization-specific needs, Herjavec Group offers additional technical expertise and support to maintain continuous compliance and advance your security posture: