The General Data Protection Regulation came into force on 25th May 2018.
It has a wide-ranging impact on all companies processing personally identifiable information (PII) - including fines for breaching regulations.
Through our portfolio of training and discovery services, we can help you identify the PII in your organisation, and the flow of data.
Our team can assist in defining the relevant processes, and the technology that can support them, to meet compliance with the new legislation.
With the GDPR now in force, it has become increasingly important to understand your data and ensure that it is sufficiently protected.
For most organisations, unstructured data represents the biggest challenge and our assessment will provide you with a snapshot of your data security to quickly ascertain the level of risk associated with both structured and unstructured data, as well as identifying active versus stale data.
Gain a comprehensive understanding of the changes to data protection legislation and what the implications are for your organisation.
Understand where data comes into your organisation, how it is processed, where it resides and who you share it with by conducting a data flow analysis.
Following the data flow exercise, our practitioners will assess the processes, practices and safeguards you have in place to manage PII data.
The principles of the GDPR are similar to the DPA, with several key enhancements and additional obligations which will impact every organisation. Understanding what PII exists as well as how it is stored, processed and protected is essential to remaining compliant and to ensure that the rights of the individual are protected.
Protecting personally identifiable information is essential in order to comply with the GDPR. Organisations will be required to implement both technical and governance measures in order to address the risks posed. This will mean ensuring the ongoing confidentiality, integrity and availability of your data processing systems.
Businesses will be required to make it easy for individuals to exercise the right of access to their information, the right to object to direct marketing and profiling, and to move their data between suppliers. The GDPR recommends that individuals are provided with remote access to a secure self-service system, granting access to their data.
A personal data breach refers to a breakdown in security, leading to the destruction, loss or alteration of personal data, or to unauthorised disclosure of or access to it. The consequence of a breach is more than just the loss of personal data. Once discovered, it must be reported within 72 hours and, if considered high risk, the individuals must be notified.