PCI QSA Company, Certified as ISO 27001 & 9001

GDPR Compliance

Quick & easy GDPR Compliance

On 25 May 2018, the new EU General Data Protection Regulation (GDPR)
will come into effect. Is your organisation ready to comply?

GDPR Compliance

ValueMentor has experience in developing and implementing privacy programs that lead to GDPR compliance. We understand that aligning technology with governance, risk and compliance (GRC) is the best approach to achieving GDPR objectives. Our ADAPT methodology helps organizations achieve GDPR compliance ahead of the compliance dates. Irrespective of the current state of your GDPR compliance efforts, our team can help you continue the GDPR journey without starting over from the beginning.

WHY GDPR

GDPR is the most authoritative privacy regulation affecting global organizations. It makes organizations responsible for the privacy and security of personal information. The regulation focuses on the rights of individuals, which must be upheld while their personal data is processed. A maximum fine of 4% of global turnover is an important consideration, as it directly impacts organizational profitability. The associated reputational impact and loss in shareholder value further increase the residual risk that organizations need to manage.

ValueMentor ADAPT Methodology for GDPR Compliance

Assess

  • GDPR readiness assessment
  • Global privacy impact assessment
  • GDPR technology impact assessment
  • Data discovery & mapping

Design

  • GDPR compliance roadmap
  • Privacy program development
  • Technology upgrades
  • Privacy by Design
  • GDPR policies & reference architecture

Align

  • Implement and execute policies, processes and technologies
  • Implement privacy controls
  • Implement security controls

Practice

  • Data privacy operators
  • Data lifecycle management
  • Data access & use monitoring
  • Management reporting services
  • Data security management

Test

  • GDPR compliance audits
  • Regular security testing to detect weaknesses early
  • Incident response tests
  • 3rd party risk assessments & audits

Utilize the ADAPT GDPR framework for your GDPR Compliance

IDENTIFICATION, DATA MAPPING & DATA FLOW ANALYSIS

  • What data you have
  • How the data is collected
  • What data you need
  • What data you want to keep or delete
  • The data retention period
  • Who has access to the data
  • Who is involved in processing the data
  • Which tools are used to process the data
  • In which business processes the data is used

Based on the information collected, we work with your business team to identify the data flows within the organization and to external parties. The data flow analysis provides an overview of the systems, covering:

  • Where the company stores data
  • The processes by which the company processes data, and
  • How data is exchanged between the systems.

The outcome of the identification phase is a complete overview of the company’s personal data and of the systems, processes and people that handle it.

GDPR GAP ANALYSIS

The GDPR Gap Analysis phase of the project helps the organization identify the areas where gaps in GDPR compliance exist. This phase uses the results of the data identification and data mapping to identify the gaps in GDPR data lifecycle management.

DATA PRIVACY IMPACT ASSESSMENT

Conducting a Data Privacy Impact Assessment (DPIA) is a key requirement for GDPR compliance. A DPIA shall be performed before specific initiatives are implemented. Performing a privacy risk assessment provides insight into the organization’s capability to provide CARE (Consent, Access, Receipt & Erasure) for personal data.

The objective of a DPIA is to ensure that extreme data breach scenarios are anticipated, considered and thereby addressed by management in protecting the personal data covered by the GDPR. Key stages of a DPIA include:

  • Threat identification
  • Impact identification
  • Evaluation of vulnerabilities
  • Privacy risk identification
  • Risk treatment plan development

IMPLEMENTATION OF ACTION PLANS

The implementation phase is for the organization to remediate the gaps identified and implement controls that reduce the risks to acceptable levels. The ValueMentor team provides advisory and governance services for the remediation, with a key focus on process measures and technical measures.

Process measures: We help the organization develop the GDPR governance structure, policies and procedures, checklists and/or process diagrams. This enables the organization to demonstrate how it implements, maintains and updates its controls and ensures that the company adheres to GDPR compliance.

Technical measures: We help the organization design the controls and define the security and privacy architecture required for GDPR compliance. This enables the organization to securely structure its systems and infrastructure to support its business processes.

All private and public companies and organisations subject to the EU GDPR are required to be able to document at any time that they are compliant with the GDPR.

GDPR INCIDENT RESPONSE PLANS

GDPR requires organizations to notify the relevant authorities of a data breach within 72 hours of a data leak. The notification shall include the following information:

  • Type of data leaked
  • Number of registered parties affected by the data leak
  • Consequences to those registered parties
  • Actions taken to ensure that this does not happen again

Considering this requirement, it is important to develop incident response plans and to test them, so that they can be put to use immediately when needed. These plans detail the procedures to be followed and the responsibilities of the people involved in incident response.

AWARENESS – TRAINING

GDPR compliance is an organizational effort. Educating the personnel who handle personal data is an important step, as it makes employees aware of their specific tasks regarding the protection of personal data.

The workforce’s ability to understand their responsibilities in handling personal data, and to apply them correctly, efficiently and with the prescribed tools, processes and systems, ensures the company’s compliance with the requirements set out in the GDPR.

ONGOING MANAGEMENT & FOLLOW-UP

Compliance is not a one-time activity. GDPR compliance is an ongoing task that requires continuous monitoring, evaluation and fine-tuning. ValueMentor helps you build a governance model that makes GDPR compliance a “business as usual” activity.

We help you with periodic health checks, compliance audits and the required security testing. The results of these reviews serve as input to board meetings and to the assessment of GDPR compliance progress.

Let us help you with our GDPR ADAPT Framework

We’re always standing by and eager to help


© 2018 Valuementor. All rights reserved.