In order to achieve or maintain your eligibility as a business partner of any company that responsibly observes its legal obligations regarding data protection, you must secure your own Compliance with the requirements of the GDPR and the related laws and regulations.

On your way to being able to state and demonstrate your Compliance with data privacy & protection regulations, you may need assistance with:

ACHIEVING COMPLIANCE WITH DATA PRIVACY REGULATIONS – analysis, implementation of technical, legal and organizational measures, compliance support documents, compliance audit

Preliminary analysis in order to determine the organization's current level of compliance and its level of risk and exposure:

Assessment of the current level of compliance:
– personnel awareness level,
– management specific knowledge level,
– current common practices,
– existing compliance support documents,
– compliance of the websites and other forms of online presence

Compliance Analysis Report
Implementation of organizational measures for compliance - Approximately 90 possible updates to the processes of the organization, adaptable to the specific conditions, grouped by categories:

Organizational measures for the compliance of the operational processes (applicable to the core activities of the organization)
Measures for the financial processes (e.g.: accounting, invoicing, cash transactions, payments etc.)
Organizational measures for the HR activities (recruitment, employment, staff development etc.)
Compliance measures for the support activities (activities supporting the core processes, like logistics, transport, legal, IT&C etc.)
Organizational compliance measures for marketing and communication
Measures for the compliance of the sales and account management activities
Compliance measures for business management and for the shareholders relations activities

Implementation of technical compliance measures - Approximately 120 technical controls are recommended by the ISO/IEC 27001 and 27701 standards. The most appropriate selection for implementation will be determined by relevance to the specifics and the priorities of the organization:

Measures for the hardware and infrastructure management
Software resources risks management controls
Vulnerabilities management and control measures
Access control management measures, for all the IT system users
Email and web browsers protection measures
Anti-malware protection
Controls for back-up and data recovery capabilities
Network device security configuration controls (firewalls, routers, switches)
Measures to ensure an adequate capability for efficient reaction to incidents
Mandatory risk and impact assessments (DPIA)
Penetration tests and simulated reactions to cyber attacks, in a controlled environment.

Compliance supporting documents - Drafting, as specific compliance measures are implemented, the 47 types of supporting documents needed to demonstrate Compliance, by category:

Registry of the Processing Activities (data flows inventory, record keeping, processing details)
Impact analyses (Threats and vulnerabilities assessments, Risk analyses, Data Privacy Impact Assessments – DPIA)
Company policies and procedures (regarding Privacy, Data Retention, Cookies Management, Privacy by Design, Subject Access Requests etc.)
Updated contracts (suppliers risk assessment, data processing agreements, labor contracts specific clauses, job descriptions updates, personnel notifications, contracts inventory etc.)
Updates to the internal regulations and data processing instruments
Specific personnel training evidence
Compliance improvement plan and measures implementation calendar
IT Inventory (applications, network devices and systems, with specifications, allocation, vulnerabilities)
Local data protection responsible person, GDPR implementation committee (names, meetings notes, official appointing)
Compliance evidence for the activities at all the points of contact with the market (data subject notifications, data subject access request forms, consent collection and management means)
Cookie management evidence (cookie use notification, cookie selection and management module, detailed cookie listing)
Websites, social media and online communication means
Documented evidence of data breach incident management practices
Evidence of proper practices for receiving, recording and resolving data subject access requests
Administrative documents (organizational charts, compliance statement, compliance audit reports)

Compliance audit - internal auditing, or support during inspections or audits by business partners or the Authorities:

Mandatory, annual internal audit
Preparedness and assistance with third party audits upon request
Compliance audit report

MAINTAINING DATA PRIVACY REGULATIONS COMPLIANCE - Continuously keeping your processes in tune with the regulations and your Compliance supporting documents up to date:

Registry of the Processing Activities
Impact analyses
Company policies and procedures
Contracts and Data Processing Agreements
Internal regulations
Personnel training evidence
Compliance improvement plan and measures implementation calendar
IT Inventory
Local data protection responsible person, GDPR implementation committee
Notifications and consent records
Cookie management evidence
Websites, social media and online communication means
Documented evidence of data breach incident management practices
Evidence of proper practices regarding the reaction to data subject access requests
Administrative documents

DPO/DPRP as a Service - Taking over the main tasks regarding both the management of personal data and the interfacing on your behalf with the Data Subjects and the National Supervisory Authority, on all the practical aspects of data privacy regulations Compliance implementation. Such tasks include:

Keeping the Client informed and advising the Client – as Controller or Processor – as well as their employees and business partners
Monitoring the observance of the GDPR and other regulations in all the activities of the Client
Taking part in the relevant management board and the data protection committee meetings
Direct support in the development/updating of the Compliance supporting documents
Validating the decisions that impact data protection/privacy
Advising on the compliance of new or updated projects, coordinating the development of relevant data processing procedures or instruments
Coordinating the data privacy training plan and materials development
Executing the necessary risk and impact (DPIA) analyses
Acting as the main point of contact and representing the Client in its relations with the National Supervisory Authority
Coordinating the prompt reaction and the mandatory reporting in case of a data breach incident
Acting as the main line of contact for data subject access requests, coordinating the assessment and resolution of such requests
Onsite and remote support in data privacy-related investigations or third party audits
Coordinating the continuous updating of the Registry of the Processing Activities as well as of all the Compliance evidences required