We work with many compliance companies across the globe to evaluate and guide your GDPR implementation, following 3 critical pillars:
- Technical data protection & portability compliance
- Policy & procedural compliance
- Program management & messaging
Our specialized information security services support these pillars through the following focus areas, which we draw on to help you comply with the GDPR.
- Program Implementation Health Check
- Advisory Services
- ISO 27001/27002 and GDPR Combined Programs
- Executive Leadership Messaging and Advisory
- Program Gap Assessment
- Data Privacy Technical Architecture Assessment
- Program Management and Remediation
- Data Processor/Data Controller Special Topics
- Third Party Controls and Assessment
- Data Protection Officer Guidance and Staffing
- Data Breach Programs and Guidance
- Data Protection and Portability
Our Services in Action
There are seven key GDPR requirements you must meet before the enforcement deadline to avoid fines and penalties. Here is how we approach the fulfillment and implementation of each requirement to bring your organization into compliance.
1. Appoint a Data Protection Officer
The data protection officer is responsible for monitoring internal compliance with the GDPR across business functions, advising on data protection obligations, and acting as the point of contact for supervisory authorities and data subjects. DirectDefense offers three options to help you fill this role.
- We will help you identify the individual within your organization who is the best fit for the role, and confirm that the position is free of conflicts of interest with other duties they hold.
- Our talent acquisition services can source external candidates to fill the position.
- DirectDefense can serve as your external data protection officer, either temporarily or on an ongoing basis.
2. Build privacy into your systems and limit employee access to personal data
High-risk data processing activities can create gaps that leave personal data more exposed. We assess your security program to confirm that data protection by design and by default is built into your systems, that employee access to personal data is limited to what each role requires, and that you have detailed reporting on all data use and any permission changes.
3. Receive data subject consent
Data subjects must know what types of data are being collected and how the data will be used, and consent must be freely given, specific, informed, and unambiguous, and as easy to withdraw as it was to give. We can assist you in implementing a data subject consent program that presents the correct disclosures in the correct format and records the consent obtained.
4. Implement cross-border data transfers
If personal data is transferred outside the EU/EEA, we can assist you in implementing a process for handling the transfer in accordance with the GDPR. This process includes:
- Identifying and mapping all cross-border data transfers, including transfers made by your processors.
- Assessing the receiving country for each transfer to confirm that it is covered by an adequacy decision or, where it is not, that appropriate safeguards such as standard contractual clauses or binding corporate rules are in place.
5. Allow a personal data correction or erasure request
If a data subject requests correction or erasure of their personal data, you must be equipped to execute on that request within the one-month response window the GDPR allows. DirectDefense can help you implement the data inventory and tooling needed to locate every copy of a subject's records, including those held by processors and in backups, and to correct or remove them completely and on time.
6. Enable data portability from one provider to another
Under the GDPR, data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller. We can help you implement a transfer procedure that produces data in the required format and follows the required process.
7. Provide breach notification within 72 hours of awareness
The GDPR requires you to notify the supervisory authority within 72 hours of becoming aware of a personal data breach, and to notify affected data subjects without undue delay when the breach is likely to result in a high risk to them. Through implementation of an incident response plan, we help your company become organized and informed so that it can detect a breach, take the required immediate action, and meet these notification deadlines. Our approach includes:
- Identification and remediation of any gaps or vulnerabilities in your current security program.
- Development of an action plan for detection and handling of data breach incidents.
- Testing and validation of your security program on a consistent basis.
Preparing for GDPR Compliance
While you are tasked with complying with the requirements of the GDPR, preparing for this change goes beyond meeting each component of the law. It is important to take steps now to prepare for the law's enforcement.
- Communicate about the law with internal stakeholders to create awareness.
- Understand what data within your organization will be covered by the GDPR.
- Determine any new technologies and processes you will need to adopt to comply with the law, and establish a budget.
- Provide any necessary employee training.
GDPR is More Than Requirements: it's Understanding Compliance
While you are focused on meeting the GDPR's requirements, it is important to be sure your business is fully compliant across the board. Meeting compliance requirements can be challenging when there are multiple industry-specific standards and mandates your business must also fulfill.
We perform a comprehensive assessment that considers:
- The industry you’re in and all associated compliance requirements
- Your specific security risks and liabilities
- Your business goals and objectives
We then provide a security compliance program that addresses each element of our tailored assessment and keeps your business on top of all regulations and mandates required by your specific industry.
Core Compliance Offerings
- Gap Assessment
- Compliance Audit
- Risk Assessment
- Compliance Program Development
- Executive Guidance and Messaging
- Project/Program Management
Additional Compliance Services:
- Policy Creation
- Incident Response Creation/Planning
- Secure Baselines Creation
- Specialized Training
- Public Messaging
Don't let your business be caught out of compliance. By preparing early and effectively, you will avoid costly fines and hasty implementations down the road.
Ensure your compliance with the GDPR. Contact us today.