GDPR Compliance check
Are you ready for GDPR?
What is GDPR?
The European Parliament adopted the General Data Protection Regulation (GDPR) in April 2016, replacing an outdated data protection directive from 1995. It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The GDPR also regulates the export of personal data outside the EU.
Among the new provisions:
Organisations based outside the EU must adhere to the same rules as European based companies if they process personal data of EU residents.
When does your company need to be GDPR compliant?
It becomes enforceable from 25 May 2018, after a two-year transition period. Unlike a directive, it does not require national governments to pass any enabling legislation, and is thus directly binding and applicable.
What happens if your company is not compliant?
Several sanctions can be imposed, ranging from a simple written warning of non-compliance to a fine of up to 20 million EUR or 4% of the annual worldwide turnover of the preceding financial year in the case of an enterprise, whichever is greater.
Is your company prepared?
Probably not, if you are reading this. GDPR has legal and technical implications, and Silent Breach can help on both fronts to determine whether your company is ready for GDPR.
Silent Breach can assist in understanding your company's posture with respect to GDPR and in closing the gaps to meet this new regulation.
Silent Breach works with several GDPR experts and lawyers all across Europe to certify that you will be compliant and following the European guidelines.
Silent Breach can assist with:
Awareness and communication
Silent Breach can develop an Information Security Policy so that all employees understand GDPR, and can communicate with services and staff about why you are collecting data.
Silent Breach can help develop a culture of privacy within the company, implementing data protection by design and by default.
Audit & Analysis of personal data
Silent Breach can help you analyse and track a list of all sensitive data you store and process, and identify who is responsible for this data. Customer data needs to be retained on servers that are physically located in the EU, even if it is processed as part of a global product or service.
Silent Breach can help review your current privacy and security procedures and assist with the wording to make them compliant.
In particular, existing procedures need to include specific provisions covering all the data points in the GDPR regulation, or be fully rewritten to comply.
Protect private data
Silent Breach can help develop an IT strategy to implement data protection, backups and a recovery plan that guarantees business continuity in case of a data breach.
Silent Breach can also assist with a more general business continuity programme, not only with the technical disaster recovery procedures.
Access rights & Customer consent
Silent Breach can help ensure your customers actually consent to you processing their data. We will work with a legal firm to guarantee that the data is gathered fairly and complies with GDPR guidelines.
Silent Breach can help you implement procedures to handle emergencies and data breaches, making sure you are able to communicate efficiently with the outside world within 72 hours. Additionally, Silent Breach can offer penetration tests to secure your network and make sure you don't get hacked in the first place.
Silent Breach can carry out a data protection impact assessment and help you with threat modelling and risk aversion, within the GDPR guidelines and beyond.
Silent Breach can also assist in making this assessment part of an overall business continuity programme.
Appoint a Data Protection Officer (DPO)
Silent Breach can help choose the best internal resources to act as a DPO, a position that is mandatory under the GDPR guidelines.
In addition, Silent Breach can assist in building a team around the DPO.