The first step in preparing for compliance with the data protection regulation is measuring the organization’s maturity level and finding where adjustments are necessary before the May 2018 deadline of the regulation’s compulsory application. For this purpose, our company provides assistance in mapping every data management process, separated by goal, and in defining the legal basis of each goal. Following this, we conduct the “gap analysis” based on a checklist prepared in advance. We help you avoid getting lost in the details, identify the high-risk areas and prepare the action plan accordingly.
Establishment of data protection processes, preparation of policies and informational materials
The data protection regulation dictates numerous internal processes, policies and informational responsibilities for the enforcement of the rights of the persons concerned and for the protection of data. These include, in particular, the internal processes related to the enforcement of the rights of those concerned, conducting data protection impact analyses, weighing interests, and preparing the data protection policy and informational materials. The list could go on. Our company helps establish effective and applicable processes, and review, update and prepare the policies and informational materials.
Fulfillment of the Data Protection Officer role
Section 4 of the data protection regulation reshaped and emphasized the role already known in Hungarian legislation as the Internal Data Protection Officer. Under the regulation, the Data Protection Officer cannot accept orders from anybody, cannot be laid off and cannot be sanctioned. The Data Protection Officer can only be held accountable directly by the board of directors of the data controller or processor. For numerous organizations, complete independence and the required technical knowledge cannot be guaranteed when the role is filled by an internal colleague; therefore, Article 37 of the regulation enables the Data Protection Officer to fulfill the position under a service agreement. Our company has gathered significant experience in the fulfillment of outsourced roles.
Providing data protection training
According to the regulation, the tasks of the Data Protection Officer include raising the security awareness of, and training, the persons involved in data management operations. We undertake the preparation of online and in-person educational materials and the delivery of e-learning and in-person courses for users, management, and even system administrators and developers.
Management of security incidents
In accordance with the GDPR, security incidents must be reported to the authorities within 72 hours of the organization becoming aware of them, unless the incident is unlikely to pose any risk to the rights and freedoms of legal persons. A comprehensive analysis of the incident and an assessment of the risk it may carry are impossible within 72 hours without the help of the appropriate specialists, especially when not reporting could result in tens of thousands of euros in fines.
To help you react effectively to an incident, our company provides assistance in establishing internal processes and in the forensic analysis that follows the occurrence of a security incident. Our ethical hacker team has years of experience in investigating incidents related to data leakage, data theft and hacking, in identifying system vulnerabilities and in preventing future incidents. Based on the tests, we can make suggestions on the necessity of reporting, help prepare the incident report and communicate it through the appropriate channels.
If you have other questions or problems regarding the data protection regulation, do not hesitate to contact us! We offer support with examinations by the data protection authorities, in the management of data protection complaints, and with any other question associated with the management of personal data.