COMPLIANCE

Strengthening the protection of your company’s IT security

The General Data Protection Regulation (GDPR), a set of consumer data privacy rules that applies common guidelines to companies across the EU, poses a looming issue for every business and government authority. The Regulation will be enforced from 25 May 2018 and will impose new requirements on all businesses in terms of working with personal data, adjusting IT systems and processing data.

Squalio provides a wide range of services and solutions helping you understand the scope in which GDPR affects your organisation and, most importantly, meet the Regulation’s vast requirements. Squalio GDPR Compliance Assessment is the first step towards GDPR compliance that identifies legal and IT security gaps in existing systems and processes.

GDPR assessment process

The assessment can be made in cooperation with a legal office or carried out as a standalone activity.

Legal compliance

Assessment and provision of legal compliance is performed in three stages:

STAGE I – ASSESSMENT

High-level mapping of the situation and data flows

We gather the first input via interviews with key personnel and by organising seminars for the persons involved. We precisely ascertain: what kind of personal data is processed, and for what purpose? Which means (systems) are used for that?

STAGE II – ANALYSIS

Gap analysis and recommendations

We verify whether there is a relevant and valid legal basis for processing personal data. We assess and identify areas where a business needs to implement legal or organisational measures to comply with the requirements of the Regulation. We provide assessment of risks associated with non-compliance and recommend what measures the company should implement.

STAGE III – IMPLEMENTATION

Implementation of legal or organisational measures

Implementation depends on the outcome of the Assessment and may be carried out by the customer themselves with our assistance. Typical implementation measures include: employee training; creating a registry of personal data processing activities where the company acts as a data controller or a data processor; and preparing or updating data processing policies, internal guidelines/codes of conduct, processes and rules required by the Regulation, and contract templates with customers.

IT compliance

Assessment and provision of technical compliance is performed in two stages:

STAGE I – ASSESSMENT

Assessment of IT security and personal data leakage risks, and of non-compliance with the Regulation

The necessary information is obtained by interviewing IT management, the security manager and other involved employees, as well as by performing a software and hardware audit with specialised scanning tools and methodology.

At the conclusion of this stage, the customer receives: a report on the information systems, their security and personal data leakage risks, and their compliance with the Regulation, identifying risks and compliance issues; a report with IT solution implementation and improvement recommendations (arranged by priority) to mitigate the identified risks and compliance issues; and a calculation of the costs of purchasing, implementing and supporting the IT solutions (including an assessment of the company employee involvement required).

STAGE II – IMPLEMENTATION

This stage enhances existing IT solutions and/or implements new ones

For example: access and rights control mechanisms, tools for detecting attacks and data leakage, detailed auditing, data classification and labelling solutions, and other security controls for mitigating the risk of personal data leakage. We provide IT solution support throughout the entire solution life cycle, including regular solution updates and maintenance, cooperation with the IT manager and the DPO to maintain GDPR technical compliance, and ongoing employee training.


Ready to protect your data?