The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a European regulation designed to improve and unify how global organisations collect, handle, process and store personal data related to people in the EU. Among the GDPR requirements is the need for organisations to improve information security and governance. 

So, what are appropriate, reasonable, organisational and technical measures?

Appropriate and reasonable measures come down to identifying the personal data risks your organisation is exposed to, and then defining, mitigating and managing those risks.

The most widely accepted information security management system (ISMS) standard, ISO 27001, together with its privacy extension ISO 27701, can support the following GDPR requirements:

  • Article 5
    Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organisational measures.

  • Article 32
    The ability to ensure the confidentiality, integrity, availability (CIA) and resilience of processing systems and services, and a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of processing.

  • Article 33
    Robust procedures to detect and investigate personal data breaches and report them within 72 hours to a relevant authority.

  • Article 35
    Conduct a Data Protection Impact Assessment (DPIA) of the impact of the envisaged processing operations on the protection of personal data. The DPIA shall address the risks, including the safeguards, security measures and mechanisms that ensure the protection of personal data and demonstrate compliance.

The Challenges Of GDPR

Privacy by Design challenge
The GDPR and other privacy regulations require organisations to implement measures at all design phases for processing data.

Security challenges
GDPR requires the confidentiality, integrity and availability (CIA) of personal data, i.e. the data must be secured. For each data set, the organisation must identify where the data is stored and who has access to it.

Governance challenge
Implementing an ISMS or a PIMS (privacy information management system) to manage personal data, with incident response procedures and data retention periods defined by the organisation.

Ongoing responsibility challenge
Organisations have often underestimated the effort required to implement the necessary measures to satisfy GDPR. GDPR is an ongoing initiative, and at all times, your organisation must be able to demonstrate compliance as your business evolves.

The Benefits Of GDPR

  • Increased reliability and reputation
    GDPR compliance improves your reputation with stakeholders and third parties.

  • Customer and third-party confidence
    Stakeholders are confident that the information, and the systems protecting personal data, adhere to industry best-practice security controls.

  • Increased organisational resilience
    The measures implemented can protect your organisation against cyber threats.

  • Improved data management
    Minimise the personal data stored and refine data management processes.

What Needs To Be Assessed

Core focus areas for evaluation during the assessment:

Why Choose Us

GDPR requires organisations to demonstrate compliance. Our experienced security consultants have in-depth knowledge of GDPR technical and organisational measures and can help you implement an information security management system that supports your business objectives and demonstrates GDPR compliance.

Our services

SecuriCentrix’s security services are designed to provide the vital assistance needed to make tangible improvements to your organisation’s cyber security posture. 
