The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy for individuals in the European Union and the European Economic Area. It also governs the transfer of personal data outside the EU and EEA.
In common with many regulatory compliance challenges, we address GDPR as a series of assessments and related activities:
- Initial assessment to establish where we are with compliance and what the initial risk is. This is carried out by a combination of self-assessment and audit.
- Follow-up activity to close off the gaps and issues found in the initial assessment.
- Risk management to accept, mitigate or transfer the identified risks and arrive at the residual risk.
- Regular self-assessed controls activity.
- Regular Key Performance Indicator (KPI) collection and analysis.
- Ad-hoc change-based assessment (projects and change management).
- Periodic re-assessment to find out whether we are still in overall compliance.
For GDPR and data protection, we suggest the following:
- Assess the organisation using a GDPR Controller framework.
- Assess suppliers and services using a GDPR Processor framework.
- Assess change projects using a Data Protection Impact Assessment (DPIA), as required under Article 35 of the GDPR for high-risk processing.
- Assess the organisation for general security and data protection using control frameworks such as the CIS Controls.
- Utilise any other frameworks, either from our libraries or by uploading your own.
Together with HydraGRC's standard facilities:
- Software as a Service
- Online follow-ups and closure
- Online risk management
- Multiple-framework / Enterprise Risk Management
- Programme management with automatic scheduling
- Relationship-based asset model
- Framework loading and online authoring
- Free-of-charge example frameworks
- Deployed in Microsoft Azure with TLS (SSL) transport encryption and a fully encrypted database and document store
- White-labelling to blend in with your branding