GDPR Ready / Assessment
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. GDPR replaced the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy. There is a substantial impact on organizations that operate globally.
To comply with new GDPR requirements effectively, organizations need to assess their current position and readiness to meet the new regulation. Given the complexities and lack of information about where and how data is held, this may not be straightforward. This should be followed up by a detailed GDPR readiness assessment to identify specific areas of non-compliance.
As a data controller, the organization is responsible for identifying and putting in place the control structure and processes that will:
- Design and implement critical security controls to detect, manage and mitigate vulnerabilities in a way appropriate to the data processing environment
- Configure systems in accordance with the enterprise policy and maintain that configuration
- Identify systems that deviate from the established policy
- Continuously monitor log files to alert to any potential breaches or vulnerabilities
- Maintain the ability to detect, respond to, and remediate any incidents effectively
- Engage securely with cloud services.
TCG has experience in industry-accepted control frameworks, in reviewing an organization’s control structure against these requirements, and in assisting with the development of a strategy to mature and become compliant or certified.