The General Data Protection Regulation (GDPR) embodies a new legal framework, taking effect in the 28 Member States from 25 May 2018, and translating into four principles:
Main changes introduced by the GDPR?
GDPR compliance services
GDPR-related consultancy and auditing services consist of reviewing the information flows implemented, with the aim of identifying possible risks of non-compliance in the following components of the GDPR: technology and IT security; consultancy and legal compliance; and business and operating processes.
Identification of the organisation’s main failings in respect of GDPR requirements. We analyse the technological risks that compromise information security, the weaknesses of IT security policies and behavioural risks in the context of the use of information systems. This service is suitable for smaller companies, or companies with a low degree of maturity in respect of the GDPR, that require guidance to get their internal process up and running.
This service expands on the pre-assessment with an exhaustive survey of business processes, data and information using a methodology based on documentation provided by the client and through interviews with key users. This service is suitable for medium or large companies where the pre-assessment would be insufficient given the organisations’ requirements and complexity.
This service complements the assessment service by conducting audits to confirm the information gathered, auditing documentation and information systems, and expanding the base of key users interviewed using a system of sample testing.