Deep security expertise, we understand attackers and how defend against them
Risk-based objective evaluation of your controls, procedures and goals
Develop actionable insight and plans to guide your business
Data Protection And Privacy
New privacy laws and incidents of privacy violations, identity theft and personal information mismanagement have increased regulatory and consumer pressure to prevent disclosure or compromise of personally identifiable and sensitive information. The business impacts of failure – on both long-term relationships and value – have elevated the issues of privacy, security and information risk management to the board and senior executive level at many companies. Addressing privacy issues on a global, basis and in a consistent and cost-effective manner is crucial to maintaining a competitive edge in today’s global economy.
We analyses the risks related to existing and potential data processing operations and develops custom-made privacy and data protection solutions for an entire organisation and its products and services. We assist your organisation with the development of a privacy and data protection program for a product line, branch or an entire organisation. This includes, for example, the mapping of data processes and data locations and the classification of data. It also includes data security, access control and data retention as well as staff privacy training, privacy risk assessments and the creation of data transfer rules.
Business Value
- Examine the organisations unique environment, architecture, operations, culture and threat landscape against industry standards frameworks
- Understand organisations privacy obligations, risks and determine if compliance strategy meets requirements
- Understand impact of business transformation initiatives on personal information
Understand what personal information is being processed, where its being processed by who and for what purpose
Understand your organisations ability to detect and manage a data breach
Implement best practices and consistent execution of your compliance program
- Ensure that your organisation monitors both internal and 3rd party supplier compliance in respect to privacy and security
- Roadmap areas for improvement and defines corrective action
Our Approach
When embarking on a privacy and data protection review we assess every aspect of your organisations people, processes and technology as it relates to the program under review. We examine your current processes and technologies and consider ways in which privacy and data protection can be enhanced to support the objectives of the business. During the review, we employ a risk based approach to assess the current privacy framework and security posture of the organisation.
Our review framework is based on a variety of recognised control frameworks such as the GDPR, AICPA/CICA Privacy Maturity Model, FIPPS, OECD, or the GAPP. Our review starts with interviews with your staff to gain an understanding of the organisational structure, business priorities, market pressures and risk environment, general data types and flows, and privacy infrastructure and resources currently in place.
Next we interview select individuals and review appropriate documentation. Throughout the review we develop an understanding of the privacy and data security management configuration, including security responsibilities, security and privacy governance, data security policies, security controls, security operations, security monitoring and response procedures.
We develop detailed documentation including a maturity assessment, gap analysis, tactical and strategic recommendations and a detailed roadmap.
Deliverables
- Executive Summary
- Maturity Assessment
- Gap Analysis
- Actionable Plan
- Detailed Roadmap
Request More Information
Our General Data Protection Regulation (GDPR) Services
Our GDPR Maturity Assessment is designed to help organisations identify the data in and out of scope of GDPR.
This assessment will help you by:
- Assessing the maturity of your current security program against the GDPR standards and identify areas for improvement
- Create comprehensive data inventory and data flow maps
- Develop a roadmap to compliance
A highly tailored approach to help build appropriate measures to meet each organisation’s specific requirements for compliance with the GDPR. Whether it’s policy and procedure updates to account for changes in breach notification communication, third-party assessments to ensure your vendors follow the processes you expect, or cyber engineering to re-architect data flows and storage, we provide trusted insights and advice.
The concept of Privacy By Design (PbD) is nothing new, but now it is enshrined in the GDPR. Organisations need to build a mind set that has privacy at the forefront of the design, build and deployment of new technologies. One manifestation of PbD is Data Protection Impact Assessments (DPIA), which are now required to be undertaken for new uses of personal data where the risk to individuals is high.
A data protection impact assessment (DPIA) is a process to help you identify and minimise the data protection risks of a project. The process comprises the following steps:
- Identify the need for a DPIA
- Describe the information flows
- Identify and assess the privacy risks
- Identify and approve controls
- Assign responsibility for implementing controls
- Re-assess and accept the risks.
We will assist you in carrying out a data privacy impact assessment (DPIA) that are required when developing your new products and technologies.
We offer a portfolio of Monitoring, Breach Detection and Response Solutions to support the ongoing management and operation of information security best practice. The GDPR mandates that organisations have the right technical controls and processes to detect and respond to a personal data breach and, in certain instances, to share a formal report of the breach with the regulator within 72 hours of detection. We provide the managed service required to address the GDPR requirements for breach detection and response.
We can help
- Our Security Testing Services includes penetration testing, application security testing, Red Team Attack simulation testing and more to test the security of systems that handle personal data
- Our Incident Response Services perform incident response testing or an organisation’s personal data breach handling process and notification procedure
- Our security and risk consultants perform mock-audits to test GDPR controls and identity areas of non-compliance before a formal audit takes place
Under Section 4 of the EU General Data Protection Regulation 2016, it is a requirement for organisations meeting specific criteria to appoint a Data Protection Officer. Article 37 outlines the designation for the appointment of a Data Protection Officer and Articles 38 and 39 outline requirements for the position of and tasks allocated to, the Data Protection Officer.
We offer a Virtual Data Protection Officer solution that provides
- Compliance with GDPR requirements for a Data Protection Officer
- Practical assessment of data protection risks across all your organisation’s business operations
- Identification of your organisation’s most critical data protection weaknesses.
- Assess your GDPR accountability position for identified risks.
- Helps create an ongoing programme for improvement and to identify key audit points to assess progress