General Data Protection Regulation
Personal Data Protection and Commitment to Privacy.
- Assessor Type
- Governing Body
- Data Type
- EU DATA SUBJECTS
- EUROPEAN UNION
When it comes to data privacy and protection, GDPR leads the way. The European Union brought the General Data Protection Regulation into enforcement on 25th May 2018 to provide specific guidance on how Personally Identifiable Information (PII) should be recorded, stored and transferred without overstepping the right to privacy of EU citizens.
All companies across the globe that collect and process personal data of EU citizens have to comply with GDPR. An organisation can be a data controller, a data processor, or both, depending on the role it plays in handling Personally Identifiable Information (PII).
As a data controller, the organization is responsible for the security and accountability of personal data.
Any other organization functioning as a partner or service provider that, in that capacity, has access to PII is treated as a data processor and is liable for meeting the requirements defined under GDPR.
GDPR clearly lays down the responsibilities and liabilities for data controllers, data processors and joint controllers.
- All entities that are GDPR compliant must renew their certifications every three years
Before implementing the regulatory requirements, we make sure that your organization has enough understanding of the regulation and why and where it is applicable to your product and service.
After identifying PII, we will review the existing set up against the requirements outlined in the regulation to identify gaps in the organization’s GDPR preparedness.
How can CBL Help?
Committing to Privacy protection is no longer a choice but a mandatory requirement to conduct business.
Our Privacy team has successfully led several multinational and complex engagements to meet legal obligations as well as to build customer confidence.
Bespoke Advisory Solutions
We understand that a silver-bullet approach won't help at all, so we provide customized solutions to make sure that you implement GDPR controls effectively in your environment.
Our decades of experience in various industries have enabled us to address industry pain points in implementing cybersecurity controls for PII data. Experience working with financial services, e-commerce, the technology sector and healthcare helps us provide right-sized advisory for GDPR adherence.
Our automated approach to reporting, document exchange and workflow management saves a lot of effort and keeps us away from audit fatigue.
Being a full-service provider for GDPR adherence, we provide all the auxiliary services needed to be GDPR adherent. Our consulting support helps implement and also maintain the standards.
Our privacy consultants are a group of techno-consultants who have exhaustive cybersecurity consulting experience and have been keenly following the privacy landscape ever since the ‘Safe Harbour’ decision.
With several GDPR implementation engagements under our belt since 2018, we have developed our GDPR Adherence Methodology. Our methodology is based on defense-in-depth practices spanning network architecture, application security, IT infrastructure security, and policies and procedures for maintaining the security of the data.
According to Article 5 of GDPR, there are seven principles laid down for personal data, which shall be:
- Processed lawfully, fairly and in a transparent manner
- Collected only for specified, explicit and lawful purposes
- Adequate, relevant and limited to what is necessary
- Accurate and kept up to date
- Kept only for as long as it is needed and no longer
- Protected in a manner that ensures its security and integrity
GDPR can be complex and tedious to understand at first, but being in line with GDPR:
- Demonstrates your commitment to data privacy to your clients
- Safeguards PII (Personally Identifiable Information) from loss, theft and manipulation
- Saves you from paying huge penalties for non-compliance (up to 20 million Euros or 4% of the worldwide annual revenue of the prior financial year)
GDPR also grants data subjects the following rights:
- The right to be informed
- The right of access
- The right of rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights related to automated decision making and profiling