top of page

What and Why GDPR

The EU general Data Protection Regulation has made a cardinal change in personal data handling with an impact that goes far beyond the European Union. There is hardly any business, which is not involved in collecting or processing customers’ personal data, but most heavily affected industries are finance, healthcare and public services.


GDPR is the most authoritative privacy regulation that affects global organizations. It makes the organizations’ entities responsible for privacy and security of personal information. The regulation focuses on the concept of individual rights to be upheld while processing personal data. A maximum fine of 4% of global turnover is an important consideration as it directly impacts organizational profitability. Associated reputation impact and loss in shareholder value would increase the residual risk that organizations need to manage.


Rede Compliance solution provides the following features relevant to the GDPR:

  • Privacy and personal data management

  • Guidelines on requirements and related actions to comply with the GDPR prepared by our security experts based on the best international practices

  • Predefined target objects in the GDPR context

  • List of processing activities

  • Data Protection Impact Assessment (DPIA)

  • Tracking implementation and maintenance of GDPR compliance

  • Specific focus on the GDPR requirements for data protection officers, third party data processors


GDPR Compliance framework

  1. Identify & Classify Personal Data :- Identifying the personal data in all the organizational workflows are critical to defining the GDPR compliance strategy for your organization

  2. GDPR Gap Assessment :- A GDPR readiness assessment helps you identify the gaps in the current state and helps you identify the action items for compliance

  3. GDPR Impact Assessment :- Identify the impact of the GDPR compliance gaps to your organization. This helps you identify the investment priorities for your remediation.

  4. GDPR Policies & Procedures :- We will develop policies, procedures, standards, forms and agreements that meets the GDPR compliance requirements

  5. GDPR Consulting Service :- Our GDPR Consultants helps you in remediating the GDPR Compliance gaps by providing expert advisory on GDPR Compliance

  6. DPO as a Service :- Data Privacy Officer as a Service helps you appoint specialist privacy professionals at affordable costs.



Data Identification & Flow Analysis

GDPR Compliance is all about personally identifiable information (PII) of European union residents.

  • What data you have & how is the data collected

  • What data you need

  • What data you want to keep or delete & Data retention period

  • Who has access to these data

  • Who is involved in the processes of these data

  • Which are the tools used for the processes of the data

  • In what business processes are the data used

Based on the information collected, we work with your business team to identify the data flow within the organizations and to external parties. The data flow analysis provides an overview of the systems:

  • Where the company stores data

  • The process according which the company processes data and

  • How data are exchanged between the systems.

The outcome of the identification phase will be a complete overview of the company’s personal data, of the systems, processes and people that handle them.

GDPR Gap Analysis The GDPR Gap Analysis phase of the project is to help the organization identify the areas where potential gaps to the GDPR compliance exits. This phase utilizes the results of the data identification & data mapping to identify the gaps in GDPR data life cycle management. Data Privacy Impact Assessment (DPIA) Conducting Data Privacy Impact Assessment (DPIA) is a key requirement towards GDPR Compliance. DPIA need shall be performed before the implementation of specific initiatives. Performing Privacy Risk Assessment will provide insights on the capability of the organization to provide CARE (Consent, Access, Receipt & Erasure) for the personal data.

The objective of a DPIA is that extreme cases of data breach is considered, anticipated and thereby addressed by the management in protecting the GDPR personal data. Key stages of a DPIA would include:

  • Threat identification

  • Impact identification

  • Evaluation of vulnerabilities

  • Identifying the Privacy risks

  • Risk treatment plan development

Implementation of Action plans The implementation phase is for the organization to remediate the gaps identified and implement controls to reduce the risks to acceptable levels. Rede team will provide advisory and governance services towards the remediation. The key focus would be given on process measures and technical measures.

Process measures: We will help the organization develop the GDPR governance structure, policies and procedures, checklists and/or process diagrams etc. This will enable the organization to demonstrate how it implements, maintain, updates and ensures the company adheres to GDPR Compliance

Technical measures: We will help the organization in designing the controls and defining the security and privacy architecture required for GDPR compliance. This will enable the organization to securely structure the systems and infrastructure to support the business process


It is required that all private and public companies/organizations subject to the EU GDPR be able to document at any times that they are compliant with the GDPR GDPR Incident Response Plans GDPR Compliance is all about personally identifiable information (PII) of European union residents.

  • What data you have & how is the data collected

  • What data you need

  • What data you want to keep or delete & Data retention period

  • Who has access to these data

  • Who is involved in the processes of these data

  • Which are the tools used for the processes of the data

  • In what business processes are the data used

Based on the information collected, we work with your business team to identify the data flow within the organizations and to external parties. The data flow analysis provides an overview of the systems:

  • Where the company stores data

  • The process according which the company processes data and

  • How data are exchanged between the systems.

The outcome of the identification phase will be a complete overview of the company’s personal data, of the systems, processes and people that handle them.

GDPR Compliance Management Compliance is not a one time activity. GDPR compliance is an ongoing task that require continuous monitoring, evaluation and fine tuning.

Rede Consulting helps you build a governance model towards ensuring the GDPR compliance a “Business as Usual” activity.

We will help you with periodic health checks, compliance audits and required security testing. The result of these reviews would act as an input towards the Board Meetings and progress assessment of GDPR compliance. Would you like to speak to our Compliance and Security Analyst?

3 views0 comments

コメント


bottom of page