How to ensure GDPR compliance
GDPR concerns the privacy and security of personal data of EU citizens
The General Data Protection Regulation (GDPR) was developed to ensure that EU citizens have control of their personal data – strengthening and unifying data protection for individuals within the EU, whilst addressing the export of personal data outside of the EU.
Privacy and data security are truly global issues. GDPR impacts companies that handle EU resident data – and that includes businesses in post-Brexit Britain, U.S. cloud providers and any other organisation doing business with residents of the EU.
Non-compliance could cost you dearly. If a company fails to comply with the GDPR – for example, by not having the proper controls in place, losing customer data, or failing to make personal data available to data subjects within ‘a reasonable time’ – they may face fines of up to 4% of their global turnover, or €20 million, whichever is greater.
With cyber attacks and data breaches on the rise, coupled with increased consumer awareness, achieving and maintaining GDPR compliance is a priority for organisations of all sizes.
- GDPR compliance assessment: highlights any gaps to maintaining compliance
- Solution focused: provides recommendations to improve compliance
- Trusted expertise: 15+ years' experience implementing mission-critical cyber programs
Privacy of personal data is a major concern for consumers
A recent RSA Data Privacy & Security Report, which surveyed 7,500 consumers in France, Germany, Italy, the UK and the USA, highlighted that as businesses continue their digital transformations, making greater use of digital assets, services, and big data, they must also be accountable for monitoring and protecting that data on a daily basis.
The survey reported that:
- 80% of consumers said lost banking and financial data is a top concern
- 76% said that lost security information (e.g., passwords) and identity information (e.g., passports or driving licences) was also a major concern
- 73% of respondents stated they are more aware of data breaches compared to five years ago
- 62% claimed they would blame the company for their lost data in the event of a breach, not the hacker
- 55% avoided handing over data to a company that has been selling or issuing data without consent
- 50% of all respondents said they would be more likely to shop at a company that could prove it takes data protection seriously
Consumers’ awareness of data capture and breaches is growing, and as consumers become better informed, they expect more transparency and responsiveness from the companies handling their data.
Maintaining the Security Principle of GDPR is more important than ever
A key principle of GDPR is the Security Principle. At a glance, it means that:
Your security measures must ensure the ‘confidentiality, integrity and availability’ of your systems and services and the personal data that you process within them, and you must process personal data securely by means of ‘appropriate technical and organisational measures’.
Doing this requires you to consider things like risk analysis, organisational policies, and physical and technical measures. You also have to take into account additional requirements about the security of your processing – and these also apply to any third-party data processors who work on your behalf.
You also need to ensure that you have appropriate processes in place to test the effectiveness of your measures, and undertake any required improvements.
We offer a GDPR Compliance Assessment
The far-ranging nature of GDPR legislation, rising consumer awareness, and the potential financial impact of customer backlash and regulatory action, make it critical that businesses regularly review their data collection and processing frameworks to ensure the safety and privacy of the data they hold.
A GDPR Compliance Assessment by Infosec Partners helps organisations to achieve and maintain GDPR compliance.
- We perform a thorough review of the security policies and infrastructure in place, as well as agreements with third-party suppliers who may process data on your behalf, identify any gaps in compliance and provide a clear path to close them.
- Be able to demonstrate you can react quickly to a breach.
- Establish a framework for accountability
- Ensure Privacy by Design is embedded into processes and products.
- Be aware of how much personally identifiable information (PII) you process.
- Ensure your privacy notices and policies are clear and easy to understand.
- Consider the rights of data subjects.
- If you are a supplier, consider whether you have new obligations. If you use suppliers, consider how they manage your client data.
Expert guidance from our team of professional cyber security specialists
Our team of security analysts and advisors is on hand to help your organisation achieve and maintain GDPR compliance:
- Highly skilled security analysts and threat intelligence personnel
- Dedicated Service Delivery Manager
- Our global managed security services have achieved ISO 27001 certification
- Established and trusted, with 15+ years' experience implementing mission-critical data security, risk, and compliance programs
- Technology and vendor agnostic: we will always recommend the best solution set for you
- One of the few managed security service providers to deliver full-spectrum security whilst supporting any-vendor any-device