General Data Protection Regulation
The European Union (EU) passed the General Data Protection Regulation (GDPR) to help ensure the privacy rights of EU citizens by addressing the export of personal data outside the EU and creating a more stable and predictable regulatory environment.
The regulation, which went into effect in May 2018, applies to all companies that process the personally identifiable information (PII) of EU residents, regardless of the company’s location or where data processing takes place.
Under the GDPR, data controllers will be expected to report all possible data breaches to the relevant EU authorities within 72 hours of detection. Users affected by data breaches must also be notified by the company, with few exceptions.
Contextual Security now provides our clients with expert-level security and compliance-driven services to help them become GDPR compliant. We can perform penetration testing, web application testing, application assessments, physical/environmental assessments, forensics, and compliance assessments and validation.
The GDPR requires changes to the way organizations manage, store, transfer, and delete customer data, and penalties for noncompliance will be substantial.
Companies must now be able to prove that a specific user not only gave their initial express consent to have their data stored, but also that the user’s consent records are accurate and up to date.
Fortunately, Contextual Security is here to help you improve your privacy and cyber security profile – so you can effectively implement GDPR. We carry many certifications including CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CEH (Certified Ethical Hacker), QSA (Qualified Security Assessor), GPEN (GIAC Certified Penetration Tester), and GWAPT (GIAC Web Application Penetration Tester).
Contextual Security is your trusted security and compliance partner.
If you meet any of the following criteria, you must comply with the GDPR:
- Have EU customers or employees, regardless of the organization’s physical location
- Sell services to organizations that are exposed to GDPR (i.e., cloud service providers)
- Plan to expand into Europe in the near future
Benefits of Compliance
By complying with GDPR, you can help protect your organization from fines of up to 20 million euros or 4 percent of your global revenue from the previous year, whichever is higher.
But the benefits are not limited to avoiding risk. Having a solid, readily verifiable GDPR compliance program can also serve as a competitive differentiator, especially for companies that provide cloud or managed services to customers who are required to comply with GDPR. Additionally, GDPR compliance can help you demonstrate to customers that you are committed to protecting their right to privacy and their sensitive, personal data.
The GDPR is a law that originated in and was passed by the European Union. However, it is also having a big impact on businesses around the world, including in the United States. Any business or entity that collects and uses personal data from individuals who reside in the European Union has to be in compliance with the law.
Contextual Security can help you achieve GDPR compliance using the following methods:
- Gap analysis: Our consulting services determine if your business needs to be compliant with the GDPR. Your business falls under this law if you have a presence in the European Union, process personal information of European Union residents, have more than 250 employees, or if the way you process information involves the rights and freedoms of data subjects. We find any gaps in your information security and give you actionable steps to fix them.
- Advisory: Our risk management services involve putting your plan for GDPR compliance into action. Each company receives a customized approach to advisory services for GDPR. We help you set up a plan so that your website does not end up banned from EU access or penalized under EU law.
- Assessment: Assessment services for GDPR compliance determine your business’s current status and create a timeline for our plan of action. Our strategic recommendations for next steps simplify the process of validating whether you are able to continue to conduct business with customers residing in the EU. By making tactical recommendations for the next steps, we give you proof that you are taking the necessary actions to comply with these international laws.
- Compliance automation dashboard: To make your business processes easier, we offer compliance automation through a digital dashboard. This makes it much easier for you to ensure that your business is in compliance across all of your activities. Automation also provides you with a clear record of your actions. If you need to provide proof of what you are doing for GDPR compliance, the digital automation dashboard will contain an archive of collected data, how you used it, and how you protected it.
Please contact one of our Enterprise Consultants for a free sample report.