GDPR Readiness Services


May 25th, 2018 has come and gone. Are you ready?


You're out of time...

Our GDPR Services offer a variety of engagements designed to help organizations prepare for GDPR readiness and remediate assessment findings. Our services provide a structured methodology to ensure that all GDPR readiness needs are identified and met through the entire assessment lifecycle.

Emagined Security has unique experience with a variety of GDPR remediation services. Our services span from training to hands-on remediation. From our strategic management team to our tactical technical teams, our GDPR knowledge can be made available to your organization. Emagined Security has leveraged this unique differentiator to offer a variety of GDPR-related solutions that guide organizations through GDPR strategy and remediation.

The General Data Protection Regulation (GDPR) was approved and adopted by the EU Parliament in April 2016 and is enforceable as of 25 May 2018. It consists of an introductory section of 173 background paragraphs followed by the actual regulation. The regulation consists of 11 chapters containing 99 Articles.

The GDPR applies not only to organizations located within the EU but also to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. A “controller” is the entity determining the purposes, conditions, and means of processing of personal data, while a “processor” is an entity processing personal data on behalf of the controller.

Consent

  • The data subject’s consent means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes
  • Where consent is relied upon for the processing of special categories of personal data, explicit consent is required
  • Parental consent is required for the processing of personal data of children under the age of 16, unless member state law provides for a lower age not under 13

Further Processing Not Based on Consent

  • Further processing not based on consent is allowed to safeguard objectives such as: national security; general public interests; the protection of individuals’ rights and freedoms; or the prevention, investigation, detection, or prosecution of criminal offenses
  • Any further processing not based on consent should consider: the nature of the personal data; the possible consequences of the further processing; and the existence of appropriate safeguards 

One-Stop Shop

  • Data controllers are regulated by a lead authority located in the territory of their main establishment, although local authorities may deal with local cases
  • If a concerned supervisory authority objects to a lead authority’s draft decision, the case shall be referred to the consistency mechanism for a binding decision by the European Data Protection Board (EDPB)
  • Any EDPB binding decision can be appealed to the Court of Justice of the European Union 

Data Breach Notifications

  • Controllers shall notify the supervisory authority of a personal data breach without undue delay and, where feasible, not later than 72 hours, unless the breach is likely to result in a risk to the rights and freedoms of individuals
  • When the personal data breach is likely to result in a high risk to the rights and freedoms of individuals, the controller shall communicate the personal data breach to the data subject without undue delay 

Right to Object and Profiling

  • Data subjects have the right to object to processing unless the controller demonstrates compelling legitimate grounds for processing
  • Where personal data is processed for direct-marketing purposes, data subjects have the right to object at any time to the processing
  • Data subjects have the right not to be subject to a decision based solely on automated processing — including profiling — unless the data subject has given explicit consent, or where the processing is authorized by contract or in law 

Right to Erasure (“Right to Be Forgotten”)

  • Data subjects have the right to request the controller erase his or her personal data without undue delay where: the data is no longer necessary for the purposes collected; the data subject withdraws consent; or the data subject objects to data processing
  • Where the controller has made the data public, the controller shall take reasonable steps to inform the processor of the data of the erasure request 

Data Protection Officers

  • Controllers and processors shall designate a Data Protection Officer (DPO) where their core activities consist of the regular and systematic monitoring of personal data or the processing of special categories of personal data on a large scale
  • The DPO shall act independently of the controller or processor, reporting directly to the highest management level 

Administrative Fines

  • Infringements regarding obligations of the controller and the processor may be subject to administrative fines of up to €10 million, or 2% of worldwide annual turnover — whichever is higher
  • Infringements regarding the basic principles for processing, data subject rights, transfers of personal data, or noncompliance with an order by the supervisory authority may be subject to administrative fines of up to €20 million, or 4% of worldwide annual turnover — whichever is higher

Benefits

Our GDPR Services can help you address industry and legal requirements using the following set of activities.

GDPR Readiness Planning

Our GDPR Readiness Planning service allows organizations to develop high-level strategies and plans in order to meet industry and legal requirements. Beginning with requirements gathering and moving into legal analysis, we create a strategic process to address compliance issues, assess business risks, and enable new initiatives.

GDPR Readiness Pre-Assessments

Our GDPR Readiness Pre-Assessment service is an evaluation of existing controls and services to ensure that you meet industry laws and regulations. The assessment establishes your current security and Compliance & Privacy position, the desired position based on industry and legal requirements, and the steps needed to reach your security and Compliance & Privacy goals.

GDPR Awareness Training

Our GDPR Awareness Training service programs offer companies a variety of on-site GDPR training opportunities. Our focus ranges from general GDPR and security awareness to industry-specific GDPR legal issues. We strive to make GDPR and security training rewarding, educational, and stimulating.

GDPR Compliance Program Management

Our GDPR Compliance Programs offer services from program management to detailed implementations. Our across-the-board compliance services are designed to implement and enhance Compliance & Privacy and security controls in order to meet industry laws and regulations. We ensure your compliance programs are designed to address risk while taking business needs into consideration.

GDPR Compliance Outsourcing Programs

Our GDPR Compliance Outsourcing Programs give customers a focused approach to their Compliance Program by assigning a dedicated team to deliver the services surrounding your Compliance Program, tools, and audit requirements. Our Compliance Outsourcing services are based on years of managing client compliance requirements and free you to focus on other tasks.