GDPR Compliance Services
The General Data Protection Regulation, or GDPR, is one of the most significant compliance requirements to emerge in the past 10 years. Since its effective date of May 25, 2018, companies around the world, regardless of size or location, must ensure that they secure and maintain the privacy of the personal data they hold on data subjects in the European Union.
What is GDPR?
GDPR is the European Union's legal framework that sets out requirements for organizations that collect and process the personal data of data subjects in the EU. This stringent framework imposes significant penalties, up to 20 million euros or 4% of annual worldwide turnover, whichever is GREATER, for violations of the regulation, including failures to protect the personal data of data subjects in the EU.
GDPR Core Requirements
Some of the core requirements that organizations need to address include:
- Data Classification and Identification - What information do you maintain that falls under GDPR's definition of personal data? Note that GDPR's definition is broad: any information relating to an identified or identifiable natural person, which reaches well beyond the narrower notion of personally identifiable information used in many U.S. frameworks.
- Data Mapping - Once you have identified what data you maintain, the next question is where that data resides, both on your own network and with your cloud service providers.
- Physical and Logical Controls - Once you know what data you have and where it resides, you must assess the interaction of people, process, and technology to determine the appropriate controls to maintain the security and privacy of that data.
Compass IT Compliance Services
- GDPR Risk Assessment - Assess your current level of compliance with GDPR, identify gaps in controls, and identify the key work areas your organization must address to achieve and/or maintain compliance with the regulation.
- GDPR Audit - Our experienced, certified IT Auditors examine your IT controls mapped against GDPR requirements, obtain evidence to determine whether the controls are operating effectively to achieve your organization's objectives and satisfy the regulation's requirements, and provide an audit attestation along with remediation strategies. A deeper assessment than the GDPR Risk Assessment, the GDPR Audit includes evidence sampling.
- GDPR Advisory Services - We work with your organization and tailor the project to your specific needs, whether that means addressing particular concerns related to GDPR, assisting in the implementation and updating of policies and procedures, or assessing the GDPR-related risk posed by your third-party providers.
GDPR is here and enforcement is under way. Contact us today to learn how Compass IT Compliance can assist you with your GDPR compliance needs!