The EU General Data Protection Regulation (GDPR) came into effect on 25 May 2018. At Teceze, we have experience of providing organisations with the advice they require to meet all data handling regulations and laws. This could be for statutory reasons (DPA), to remain compliant (PCI), for regulatory reasons (FCA), or to meet all Government requirements (HMG).
All organisations will have to be GDPR compliant from 25th May 2018 and so, at Teceze, we can call on our experience to help organisations understand and meet the regulation.
There are legal and financial responsibilities that come with GDPR, all of which have to be acknowledged at board level. We implement a thorough and comprehensive risk register as well as an accountability framework to meet all fundamental requirements.
We carry out a review that seeks out evidence of compliance with a recognised standard, as well as evidence of the correct policies, data protection officer requirements, privacy impact assessments, incident response, and breach reporting.
We consider all existing controls, undertake interviews, and collect the relevant evidence prior to carrying out an assessment that considers the GDPR requirements. We then create a gap analysis report that feeds into the risk treatment plan.
The findings will be delivered as a part of an overview which includes a graphical demonstration of the current security and protection position of the customer.
In order to assist remediation, the customer will be provided with a representation of each control.
A risk treatment plan can be developed from the spreadsheet.