GDPR COMPLIANCE PROGRAM

WHAT IS GDPR?

In 2016, the European Union (EU) adopted the General Data Protection Regulation (GDPR).  It is a replacement of the 1995 Data Protection Directive (Directive 95/46/EC). Because GDPR is a regulation and not a directive, it is not open to interpretation by the member states and will be implemented uniformly by supervisory authorities across the EU.

The GDPR took effect May 25, 2018.

The GDPR applies to processing carried out by organizations operating within the EU.  It also applies to organizations outside the EU that offer goods or services to individuals in the EU.

There is currently no statutory GDPR compliance certification; a business entity cannot be certified as GDPR compliant. Business entities are expected to put into place comprehensive governance measures that should minimize the risk of breaches and provide the protection of personal data.

GPDR compliance can be achieved through the implementation of appropriate technical and administrative controls.

RESOURCES

gdrp-101 gdpr-checklist gdpr-estab
GDPR 101 GUIDE GDPR CHECKLIST ESTABLISHING YOUR GDPR PROGRAM GUIDE

 

BENEFITS

Benefits of the GDPR Compliance Program and Privacy Impact Assessment performed by RedLegg include:

INSIGHT:

Gain insight into many of the risks faced within your enterprise by identifying shortcomings in your existing security program.

EFFICACY:

Prioritize the biggest threats to the organization and strategically plan the necessary roadmap to safeguard your organization.

PROACTIVITY:

Reduce the impact and likelihood of a successful breach and data exfiltration through testing and securing of your organization.

COMPLIANCE:

Show customers and stakeholders your commitment to securing and protecting the most valuable assets against various threat actors.

Tabletop-Exercise-Pillar-Banner

See how a tabletop exercise can better protect your data and customer privacy. 

LEARN MORE

PROJECT SCOPE & ENGAGEMENT

RedLegg’s full-service GDPR Compliance Program includes the following services:

PHASE 1:
INITIAL PRIVACY IMPACT ASSESSMENT

Audit of the business processes to determine the type of personal data that is currently collected, stored, processed, and exchanged with affected external entities.

Review of the data minimization practices as a part of the data lifecycle.

Evaluation of your ability to support Individual Rights defined by the GDPR.

PHASE 2:
DATA DISCOVERY AND ACCESS CONTROL AUDITS

Discovery and analysis of GDPR-related data residing on-premises and in cloud-based applications and systems (File shares, SharePoint, Databases).

Data access/data protection controls and monitoring capabilities evaluation.

PHASE 2:
VIRTUAL DATA PROTECTION OFFICER SERVICE

Ongoing management, operationalization, and maintenance of the GDPR Compliance Program through continuous advice, recommendations, feedback and interaction with your Corporate Management.

  • PHASE 1:
    INITIAL PIA
  • PHASE 1:
    INITIAL PRIVACY IMPACT ASSESSMENT

    Audit of the business processes to determine the type of personal data that is currently collected, stored, processed, and exchanged with affected external entities.

    Review of the data minimization practices as a part of the data lifecycle.

    Evaluation of your ability to support Individual Rights defined by the GDPR.

  • PHASE 2:
    DISCOVERY & AUDIT
  • PHASE 2:
    DATA DISCOVERY AND ACCESS CONTROL AUDITS

    Discovery and analysis of GDPR-related data residing on-premises and in cloud-based applications and systems (File shares, SharePoint, Databases).

    Data access/data protection controls and monitoring capabilities evaluation.

  • PHASE 3:
    VDPO
  • PHASE 2:
    VIRTUAL DATA PROTECTION OFFICER SERVICE

    Ongoing management, operationalization, and maintenance of the GDPR Compliance Program through continuous advice, recommendations, feedback and interaction with your Corporate Management.

REPORTING & DELIVERABLES

 

  • PHASE 1
  • PHASE 2
  • PHASE 3

PHASE 1

For the Initial Privacy Impact Assessment, receive...

  • Initial Privacy Impact Assessment Report
  • High-Level Remediation Plan

PHASE 2

For the Data Discovery and Access Control Audits, receive...

  • GDPR Data Discovery, Data Controls and Monitoring Report
  • Updated Privacy Impact Assessment Report
  • Updated Remediation Plan

PHASE 3

For the vDPO (virtual Data Protection Officer) Service receive on an as-needed basis...

  • Project Plans
  • Budget Plans
  • Status Reports
  • Meeting Notes
  • PHASE 1
  • For the Initial Privacy Impact Assessment, receive...

    • Initial Privacy Impact Assessment Report
    • High-Level Remediation Plan
  • PHASE 2
  • For the Data Discovery and Access Control Audits, receive...

    • GDPR Data Discovery, Data Controls and Monitoring Report
    • Updated Privacy Impact Assessment Report
    • Updated Remediation Plan
  • PHASE 3
  • For the vDPO (virtual Data Protection Officer) Service receive on an as-needed basis...

    • Project Plans
    • Budget Plans
    • Status Reports
    • Meeting Notes

OUR APPROACH

RedLegg is an innovative, global security firm that delivers managed cybersecurity solutions and peace of mind to its clients.

RedLegg’s approach to information security protects the confidentiality, integrity, and availability of critical data based on a sound risk management framework. This approach allows organizations to engage business owners in defining acceptable levels of risk and to participate in the process for evaluating threats.

RedLegg’s ARMEE (Assess, Remediate, Monitor, Educate, Enforce) methodology institutes a lifecycle that allows for an ongoing process to continuously improve the security posture of the organization. This methodology is designed to be portable to all business, legal, regulatory, and security requirements of the organization. It is flexible enough to account for the constant flux in the market place, attack vectors, and protection mechanisms.

ARMEElogo-1

GET GUIDANCE.

Make sure your company is protected from GDPR fines.

REACH OUT TO AN EXPERT