On 25 May 2018, the new General Data Protection Regulation (GDPR) will come into effect.
Is your organisation ready to comply?
Kayzed Consultants has experience in developing and implementing privacy programs that lead to GDPR compliance. We understand that aligning technology with governance, risk and compliance (GRC) is the best approach to achieving GDPR objectives. Our ADAPT methodology helps organisations achieve GDPR compliance ahead of the compliance date. Whatever the current state of your GDPR compliance or efforts, our team can help you continue the GDPR journey without starting over from the beginning.
Some of the key privacy and data protection requirements of the GDPR include:
- Having a lawful basis, such as the data subject's consent, for every processing activity
- Pseudonymising or anonymising collected data where appropriate to protect privacy
- Notifying the supervisory authority of personal data breaches (within 72 hours where feasible), and affected individuals where the risk to them is high
- Safeguarding transfers of personal data outside the EU
- Requiring certain organisations to appoint a data protection officer (DPO) to oversee GDPR compliance
Simply put, the GDPR mandates a baseline set of standards for organisations that handle the personal data of individuals in the EU, to better safeguard the processing and movement of that data.
IDENTIFICATION, DATA MAPPING & DATA FLOW ANALYSIS
The initial phase of a GDPR project is to perform GDPR data identification, data mapping and data flow analysis. In this process, we analyse the following key elements:
- What personal data you hold
- How the data is collected
- What data you actually need
- What data you want to keep or delete
- The retention period for each category of data
- Who has access to the data
- Who is involved in processing the data
- Which tools are used to process the data
- In which business processes the data is used
Based on the information collected, we work with your business team to map the data flows within the organisation and to external parties. The data flow analysis provides an overview of the systems:
- Where the company stores data
- The processes by which the company processes data, and
- How data is exchanged between the systems.
The outcome of the identification phase is a complete overview of the personal data the company holds, and of the systems, processes and people that handle it.
DATA PROTECTION IMPACT ASSESSMENT (DPIA)
Conducting a Data Protection Impact Assessment (DPIA) is a key requirement for GDPR compliance. A DPIA must be performed before starting any processing that is likely to result in a high risk to individuals, and therefore before specific initiatives are implemented. Performing a privacy risk assessment provides insight into the organisation's capability to provide CARE (Consent, Access, Receipt and Erasure) for the personal data it holds.
The objective of a DPIA is to ensure that worst-case data breach scenarios are considered and anticipated, so that management can address them in protecting the personal data in scope of the GDPR. Key stages of a DPIA include:
- Threat identification
- Impact identification
- Evaluation of vulnerabilities
- Identifying the Privacy risks
- Risk treatment plan development