The e-InnoSec consulting team understands the inherent risk and challenges clients face in designing, implementing, and sustaining an effective privacy and data protection program. Using the experience of working with various clients in privacy projects we have refined our approach and are able to provide a quick turnaround on privacy data protection projects.
Control Information Flow - Understand where sensitive information travels throughout your organization to safeguard it with your program appropriately
Build Privacy Processes - Build the policies and processes you need for privacy protection (to comply with Data Protection Laws), risk management, policy management, and other program areas include technology solutions to manage GDPR data subject rights such as consent, right to deletion, etc.
Maintain Privacy and Compliance - Whether you have an official data protection officer on your team or not, we will build repeatable processes for your organization
Technology solution deployment steps:
- Privacy Impact Assessment – Initiation and analysis
- Compliance road map – Core team, pilot, and solution identification
- Compliance solutions – Enterprise rollout and training
- Steady-state – SLA and Continuous improvement
We perform the following tasks:
- Advise clients on the scope
- Guide and educate the client’s team on:
- GDPR principles
- Rights available to the data subject
- Roles and responsibilities
- Designing a privacy plan
- Data mapping
- Identifying risks
- Documenting policy and procedures
- Design a custom approach on how to create an effective data protection program
- Assist in performing Data Privacy Impact Analysis (DPIA)
- Assist in the implementation of the program or assess the existing program to identify gaps and remediate
- Train the staff using the SECURETAIN training modules
- Train the staff on how to monitor the program to ensure sustainability and effectiveness of the privacy and data protection program
Our solution approach is based on the principles stated in GDPR itself:
- Privacy by design - Privacy by design and its foundational principles involve embedding privacy into underlying processes, objectives, operations, and technologies by default.
- Bottom-up approach - A bottom-up, security-driven, and data-focused approach is a better solution for meeting privacy requirements like GDPR. A bottom-up approach is tailored to an organization's specific needs.
- Process Automation - Successful privacy programs require operationalized processes that are repeatable, auditable, and automated. For example, consent collection and management, consent revocation, and auditable history.
The main goals of the GDPR:
- Protect personal data and strengthen privacy rights of EU individuals
- Give users control over their data
- Allow for free movement of personal data within the Union
- Regulation protects the fundamental rights and freedoms of natural persons and their right to the protection of personal data
The GDPR introduces a duty for all organizations to report certain types of personal data breaches to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, when feasible.
Most Western countries have already adopted comprehensive legal protections for personal data. With the revised General Data Protection Regulation (GDPR), the European Union has become the focal point of the global dialogue on individual data privacy.
By complying with GDPR, you can help protect your organization from fines that can amount to up to £20 million or 4% of your global revenue from the previous year, whichever is higher. Additionally, GDPR compliance can help you demonstrate to customers that you are committed to protecting their right to privacy and their sensitive, personal data.