GDPR

GDPR (General Data Protection Regulation) Assessments and Compliance Readiness

The European Union (EU) has implemented some of the world’s strongest data protection rules through the General Data Protection Regulation (GDPR). GDPR was adopted in 2016 and became enforceable on May 25, 2018, as an effort to protect the personal data of individuals. The GDPR changes how businesses and public sector organizations may collect, store, and process the personal data of their customers. Additionally, the GDPR expands the rights of individuals and gives them more control over their personal data.

The GDPR applies to all companies, individuals, corporations, public authorities, and other entities that offer goods or services to individuals in the EU, or that monitor their behavior, regardless of where the organization itself is established. The implications for US companies that collect, maintain, or process the personal data of individuals (data subjects) located within the EU are substantial, and compliance by those US organizations is compulsory. As such, compliance with the GDPR requires comprehensive changes to business practices for many companies that do not already have an equivalent level of data security and privacy in place. Failure to comply with the GDPR can mean fines of up to €20,000,000 or 4% of annual global turnover, whichever is higher.

TBC can assist your organization with achieving GDPR compliance. We offer the following assessment activities:

GDPR GAP ASSESSMENT / ANALYSIS:

TBC reviews your organization’s current data protection and privacy environment and provides a detailed gap assessment to help your business achieve compliance. We determine your level of compliance with the GDPR by reviewing the policies, procedures, and processes in place in your organization.

TBC GDPR Compliance as a Service (CAAS): At TBC, we understand there are many ways an organization can fall short of GDPR compliance. In fact, it can often be as simple as not knowing the requirements. The experts at TBC are poised to help with our multi-step GDPR CAAS process.

STEP 1: GDPR GAP ASSESSMENT / ANALYSIS

To begin the GDPR Compliance process, TBC performs an initial assessment through an interview and verification process. This creates a snapshot of your organization’s GDPR compliance to uncover the areas that are noncompliant. Our detailed gap assessment report outlines the issues and provides recommendations for achieving organizational compliance. The gap assessment allows recipients to quickly see missing or incomplete items, undocumented policies and/or procedures, as well as inadequate privacy and security measures.

STEP 2: REMEDIATION

No organization is perfect. There will be issues, and plans of action must be put into place to close the compliance gaps identified in the assessment. TBC provides a detailed remediation plan at the end of the gap assessment. This allows your organization to determine where resources and budgetary planning are needed to achieve GDPR compliance. Our remediation service includes 12 hours of onsite or offsite consulting and access to policy and procedure templates.

STEP 3: GDPR RISK ASSESSMENT

At the end of the remediation period, TBC performs an independent risk assessment of your organization. TBC reviews your organization’s day-to-day activities, policies, and procedures to identify any remaining risks.

STEP 4: GDPR PRIVACY AND SECURITY TRAINING

TBC provides privacy and security training as white-labeled PowerPoint material that includes, but is not limited to, the following subjects:

  • GDPR Regulation
  • Incident Response and Breach Notification Overview
  • Acceptable Use of the Organization’s Computing Devices
  • Access Control
  • Workforce Security

STEP 5: QUARTERLY COMPLIANCE REVIEW

Each quarter, TBC provides an in-depth review of the changes that have been implemented throughout your organization. This can include changes in compliance posture, services and/or the IT infrastructure. We also provide a summary of the review, and when applicable, a list of the gaps and recommendations for remediation.

STEP 6: ANNUAL RISK ASSESSMENTS

TBC follows security best practices and recommends conducting an annual risk assessment. The deliverable is similar to that of the initial GDPR gap assessment, and with remediation in place it should show fewer or no gaps in your organization’s compliance posture.

Tampa Bay Compliance’s CAAS is available in plans ranging from 12- to 24-month terms. An upfront fee is required and is determined by the size and complexity of your organization, as well as the desired remediation period; the remainder of the fee is billed in equal monthly increments.

HAS YOUR ORGANIZATION COMPLETED A GDPR ASSESSMENT IN THE LAST 12 MONTHS?

If not, contact us now for a free 30-minute GDPR Compliance Review.
