What is it?
The General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, has applied since May 25, 2018, with the goal of strengthening and unifying existing privacy legislation. The GDPR requires organizations that process the personal data of individuals in the European Union to implement appropriate technical and organizational controls to achieve compliance with the relevant Articles. The GDPR defines two primary roles for organizations:
- Data Controllers - the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Data Processors - the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The obligations for compliance with the Articles of the GDPR vary based on whether the organization acts as a Data Controller or a Data Processor; however, there are seven core principles (set out in Article 5) to which all organizations must adhere:
- Lawfulness, Fairness and Transparency — The processing of personal data must be lawful, fair, and transparent to the data subject.
- Purpose Limitation — Organizations must process personal data only for the specified, explicit, and legitimate purposes communicated to the data subject at the time of collection.
- Data Minimization — Organizations should collect and process only the personal data that is adequate, relevant, and limited to what is necessary for the purposes specified to the data subject.
- Accuracy — Organizations must keep personal data accurate and up to date.
- Storage Limitation — Organizations may only store personal data for as long as necessary for the intended purpose for which it was collected.
- Integrity and Confidentiality — Organizations must implement appropriate technical and organizational security controls to maintain the security, integrity, and confidentiality of the personal data under their control.
- Accountability — Organizations are responsible for being able to demonstrate GDPR compliance with all of these principles.
Why do our clients need help?
The GDPR has expanded the territorial reach of enforcement, and organizations may face severe penalties for non-compliance: administrative fines of up to the greater of 4% of annual worldwide turnover or €20,000,000. Because these penalties have captured the attention of every Chief Financial Officer, organizations are now placing increased scrutiny on compliance throughout the entire data processing chain, from the Data Controller to the Data Processor and their respective sub-processors. This scrutiny can be seen in organizations conducting compliance audits and requiring downstream processors to execute a Data Processing Agreement (DPA), which binds the processor to its obligations and requires it to attest to its compliance with the respective Articles of the GDPR.
What we offer
RISCPoint specializes in getting organizations compliant with the GDPR by offering the following services:
- Advisory Workshops and Gap Assessments
  - Determine the applicability of the GDPR to your organization
  - Identify the controls currently implemented that map to the requirements of the GDPR
  - Develop a roadmap to achieving compliance with the GDPR
- Remediation assistance through the development of the policies and procedures required to meet compliance requirements, including critical items such as:
  - Data Subject Access Request (DSAR) Policy and Procedure;
  - Article 30 Records of Processing Activities Mapping;
  - Processor and Sub-processor Management Policy;
  - Data Protection Impact Assessments;
  - Privacy Training Programs; and
  - Data Privacy Policies
Why work with us?
- We employ a team of industry experts who have assisted a large number of governmental contractors of all sizes in achieving authorization.
- Our advisors have worked with and at some of the largest 3PAOs and bring knowledge of what auditors and authorizing officials expect from the authorization process.
- Our wide partner network includes security software vendors, hosting providers, and security engineers; we will be your one-stop shop for all your authorization needs.
- We offer a wide range of security and compliance services and specialize in the development of enterprise-wide control environments that allow you to meet multiple standards and frameworks (FISMA, FedRAMP, SOC 1, SOC 2, HITRUST, HIPAA, ISO 27001, and others) and minimize the time spent on audit and compliance work so you can focus on your day-to-day operations.