The General Data Protection Regulation (GDPR) will require organisations to refocus their efforts around the way they process both employee and customer personal data. The EU legislation, which was adopted on April 14th, 2016, provides organisations with a 2-year grace period before it becomes enforceable on 25th May 2018.
How can we help?
Organisations are at different stages in their data protection ‘readiness’ journey. Some have yet to consider their approach or assess their personal data landscape, while others have already defined their programme or framework and have begun implementation.
Foresight has partnered with Xcina Consulting, specialists in the provision of high-quality risk, technology, assurance and advisory services, to offer a comprehensive GDPR approach that assists organisations in adopting a GDPR-defensible position.
Xcina Consulting can support organisations at every stage of their journey, including:
• Gap analysis
• Data mapping exercise
• GDPR programme review/audit
• Implementing a robust framework
• Leading a programme of remediation efforts
• Conducting training & awareness for staff at all levels
All such services can be provided under the banner of a Virtual Data Protection Officer (vDPO).
Additionally, for complex engagements and to provide an organisation with greater peace of mind and added value, a Barrister (Queen’s Counsel) may provide advice and oversight.
Assess & analyse
- Gap analysis to assess GDPR-readiness
- Data permeation mapping to understand end-to-end data footprint
- Training & awareness regarding personal data processing
Remediate & implement
- Establish a remediation roadmap & supporting execution
- Define the data protection strategy (if not already defined)
- Implement a data protection framework / programme
- Establish or improve a Third Party Management Framework
- Perform a GDPR framework / programme review or audit
This may also include:
- Implementation of a Business Continuity Management Framework
- Penetration testing
- Service access (control & protect cloud based SaaS apps)
- Service administration (privileged identity & access management)
- User identity protection & multi-factor authentication
- Information protection (data classification, labelling & DLP)
- Endpoint security (device encryption, pre- & post-breach real-time advanced threat protection)
- Messaging security (encryption, real-time advanced threat protection)
- Compliance (advanced data governance & eDiscovery)
Training & awareness
We can create and present awareness material on GDPR principles, compliance requirements, potential risks or need-to-know awareness. These bespoke packages will have content tailored to your business, with the involvement of senior stakeholders encouraged.