The European Union General Data Protection Regulation (GDPR) became enforceable, including its fines, in May 2018.

Various domestic and international laws provide guidance on appropriate safeguards for properly protecting personally identifiable information (PII).

For GDPR, accountability is a cornerstone. “A business is responsible for complying with all data protection principles and is also responsible for demonstrating compliance.” And while GDPR is applicable to international organizations, it’s clear that privacy is coming to all states within the US as well. The state constitution of California gave each citizen an “inalienable right” to pursue and obtain “privacy,” now known as the California Consumer Privacy Act of 2018. Others are soon to follow.

To respond to these changes effectively, organizations need to assess their current position and how ready they are to meet the new privacy regulations. Given the complexities and lack of information about where and how data is held, this may not be straightforward. A privacy assessment will allow organizations to be clear about the action they need to take when it comes to governance, processes, organizational structures, and technical requirements.

TrustedSec will review data privacy, including any improvements that must be made within your business, along four (4) different aspects:

• Organization
• Processes and Systems
• Technology
• Information and Access Rights

Compliance with regulations is not only a requirement, but potentially a competitive advantage, and the right thing to do for your consumers, customers and employees.

The TrustedSec GDPR Privacy Assessment will:

  • Assist with identifying gaps against the regulation, including any data privacy or process gaps.
  • Provide recommendations for remediation of gaps.
  • Outline areas to reduce scope.
  • Provide independent verification that the current environment meets the organization’s security expectations and requirements.
  • Provide the organization with assurance—a thorough, comprehensive assessment of organizational privacy covering policy, procedure, design, and implementation.
  • Review best practices against regulatory and industry standards and guidelines.

TrustedSec has experience in most control frameworks, reviewing an organization’s control structure against these requirements, and assisting in the development of a strategy to mature and become compliant or certified.

Author: Nathan Noll