Secure Anchor Compliance and Regulation Services
The European Union’s General Data Protection Regulation (GDPR) is the most comprehensive overhaul of European data protection rules in over twenty years and perhaps the most significant regulatory framework to affect US organizations since Sarbanes-Oxley in 2002. It replaces the Data Protection Act (DPA) established in 1984. The intended outcome is a standardized set of expectations for how an organization must manage and protect personally identifiable information (PII) on employees, clients and other applicable data subjects. GDPR compliance is mandatory as of May 25, 2018, with no phased adoption period.
GDPR applies to:
- All companies worldwide that process personal data of European Union (EU) citizens.
- Any company, including data controllers and data processors, that works with information relating to EU citizens.
- The personal data of individuals residing in the EU, regardless of where the data is stored or where the company or organization is located.
The specific requirements of GDPR include:
- Privacy-by-Design – Data protection must be built into business processes and systems from the start and provided by default.
- Data Retention – Personal data should only be kept for as long as is necessary then the data must be securely destroyed.
- Right to be Forgotten – Data subjects are able to request that their data be deleted; they can also request that a copy be sent to a third party.
- Mandatory Breach Notification – Any breaches of personal data must be reported to Supervisory Authorities within 72 hours of discovery, and depending on the extent of the breach, to affected Data Subjects without delay.
- Penalties for Non-Compliance – Fines up to 4% of a company’s annual worldwide revenue or €20 million, whichever is higher.
Because it covers personal data, the GDPR focuses on having the right governance structure, policies and operational practices in place, as well as monitoring, detection and response processes. Below are the general services Secure Anchor can provide to help clients become and remain compliant with GDPR and with other data protection regulations.
Maturity Assessment – Secure Anchor helps clients identify the data in and out of scope of GDPR, build data flows, and understand their current state of maturity against GDPR standards. We’ll look at information security and incident response practices, and identify gaps as we produce a roadmap to compliance.
Program Development – Secure Anchor takes a highly tailored approach to building appropriate measures to meet each client’s specific requirements for compliance with the GDPR.
Program Assurance Testing – Assurance testing is key to operating and managing compliance from initial implementation through to ongoing maintenance. Completed assurance testing confirms that current personal data processing activities and measures are resilient and fulfil the requirements.
Monitoring, Detection, and Response Solutions – It is important to understand that security is an evolutionary process and must never be thought of as “finished.” With this in mind, Secure Anchor helps clients ensure that their continuous monitoring process matures from a secure and compliant baseline into a consistent security posture.