Information Management & General Data Protection Compliance

What does it mean for your business?

The GDPR applies to any organization, inside or outside the European Union, that offers goods or services to EU citizens and/or tracks their behaviour. That means that if you do business with Europeans that involves the processing of their personal data, this legislation applies to you.

Key Challenges

The new regulation impacts businesses in many ways. Privacy and data protection become part of a company's core requirements, shaping how data is collected and stored. All organisations should prepare properly and comply with the new rules, otherwise they can be fined. It is important to note that these rules apply to both data controllers and data processors.

The Records Hub S.A. provides customized compliance, implementation, training and support services covering the whole of the GDPR.

Evaluation

Complete and detailed registration of the organization's activities, including the personal data processing involved and the entire flow of the data related to them.
Design of Data Flow Diagrams for business activities, representing their processing and capturing the parties involved, the type of data, the mode of transfer, the points and form of storage and the systems involved.
Detailed Gap Analysis per activity, evaluated article by article against the General Data Protection Regulation (GDPR), in order to identify deficiencies relative to what the Regulation defines.
Data Privacy Impact Assessment study for the activities where it is required according to the instructions of the competent Authority: protection of personal data, identification of possible risks, assessment of the corresponding security measures, the effects a breach of personal data could have on the data subject, and the proposed measures to address the risks.
Preparation of the Action Plan, in which the proposed actions per department and company activity are analyzed and presented according to the information and data collected at the recording stage and analyzed at the analysis stage.
Detailed report of the process and methodology followed, the findings raised and the proposed actions, with detailed reference to the compliance instructions and a list of templates and suggestions.

Implementation

Encryption of personal data in transit (websites, emails, etc.) and at rest (databases, files, user terminals, etc.), for maximum data security and the smooth and proper operation of the business.
Reorganization of backups and their retrieval procedures to deal with modern threats and comply with the requirements of the General Data Protection Regulation (GDPR) (retention times, secure deletion procedures, etc.).
Specialized and personalized design of all the necessary Personal Data Security Policies in accordance with the requirements of the Regulation, security best practices, international standards and the client's specific needs.
Consulting support for the redesign of the procedures required under the provisions of the General Data Protection Regulation (GDPR), such as: procedures for handling a breach, procedures for exercising and serving the rights of data subjects, international transfer procedures, etc.
Consulting on hardening the network perimeter, on the proper segmentation and security of the internal network and on the implementation of security policies.
Vulnerability investigation and risk assessment following breach incidents, at both the online and the implementation level.
Customized and complete restructuring of the company's contracts (with staff, associates, suppliers, etc.), in accordance with the requirements of the General Data Protection Regulation (GDPR), taking into account the type and nature of each processing, the categories of persons and the nature of the data.
Preparation of personalized user terms and personal data protection policies for websites, services, etc.

Training

Training at every level of the company's staff (administration, IT, staff, legal department, etc.) regarding the General Data Protection Regulation (GDPR). Every seminar is customized to the needs of the client, and the material and examples are drawn from the daily activities of the company's individual departments. The training includes: basic principles and concepts of the GDPR; comprehensive knowledge of the requirements and new obligations arising from the implementation of the GDPR; information on current cyber threats and the measures to address them and protect against them; organizational issues, procedures and management; knowledge of the steps required to comply with the GDPR; understanding the possible consequences of a personal data breach; basic rules and protection measures to prevent breaches; reporting of specific issues that concern or will concern the company; etc.
The seminars can be combined with an assessment of the trainees. The evaluation can be done with a multiple-choice test or with interactive evaluation through realistic scenarios. The results can be stored or collected anonymously, depending on the requirements of the client and the business processes agreed with the staff.
In agreement with management, we undertake the sending of simulated phishing (misleading) emails to staff accounts in order to evaluate how well security measures have been assimilated, in both cyber-security and personal data protection matters.

Preservation

Assessment of the situation after the implementation of the compliance plan, with simulated breaches and controls, in order to ensure the customer's continuous compliance with the General Data Protection Regulation (GDPR) through regular re-inspections.
Periodic updating of the security policies and procedures at regular intervals, in accordance with any new instructions from the competent Data Protection Authority, the European Data Protection Board, the European Commission and the other competent supervisory authorities.
We undertake the management and handling of breach cases by collecting the necessary information, managing communication with the competent Authority, preparing the necessary notification statements and memoranda, consulting on matters of communication to the data subject, etc.