The General Data Protection Regulation (EU Regulation 2016/679) was adopted on 2016 April 27. It will be enforced from 2018 May 25, which leaves an implementation period of less than one year from now. The regulation is intended to strengthen the protection of personal data, allowing EU residents to control how, where and by whom their personal data is used, and it sets strict standards for personal data usage for businesses both inside and outside the EU.
GDPR compliance should be evaluated in the context of a broader legal, technological and organizational partnership. We work with legal partners in each geography where we operate to ensure full legal compliance. There is also an extensive list of Personally Identifiable Information (PII) scanning tools from different vendors for carrying out the audit.
Most software and cloud service vendors are highly security-conscious and have recently started to add “GDPR-Compliant” marks to their products. Having been in the software market for 20+ years, we have the experience and technical ability to review which vendors present trustworthy information about GDPR and security compliance, and to evaluate risks related to the origin of software producers.
Squalio is a leading provider of Software Asset Management projects in Lithuania and Latvia, with strong customer references in the other 7 countries where we operate. The outcome of those projects, which have many similarities with GDPR compliance, is an inventory of the customer's software and hardware assets and deep insight into the information and cloud technologies used.
Scope of the project
We propose to specify clear scopes and align the understanding of what a GDPR project means for SQUALIO, for you as our customer, and for the authorities responsible for supervising the implementation of GDPR legislation. Full implementation of all GDPR requirements can be quite broad, involving various sub-projects and organizational units related to business processes, IT, security, legal, external partners and others.
An implemented GDPR compliance framework makes it possible to effectively discover, manage, protect and report personal data use practices, policies and incidents. Existing IT and non-IT infrastructure should also be GDPR-compliant, ensuring that no infringements occur because of gaps in old IT products used at the organization.
- Internal GDPR Assessment (legal and IT environment)
- Legal and IT risks analysis
- Implementation (processes and IT tools) & training
- Continued regular support & follow-up
Define the what, where, when & how of the whole GDPR compliance project
Collect all relevant data through inventory tools, process reviews and interviews with key stakeholders to address the GDPR competency areas
Review and validate collected data and processes, document results, develop recommendations and create deliverables
Present the GDPR IT assessment and IT risks analysis report and deliverables, and provide a future improvement plan