The protection and sensitivity of personal data having always been an issue, is eventually being encoded in the EU legislation framework. The EU General Data Protection Regulation (GDPR) 2016/679, is about to change business practices coming into force on May 2018. Although, businesses heavily rely on personal data, most still remain unaware of and unprepared. Aspida provides consultancy and implementation services about the GDPR 2016/679 ensuring full compliance by:
_Assessing customers’ individual needs and risks
_Planning and implementing the strategy and appropriate controls
ASPIDA has developed a unique methodology based consulting services with the enhance of technical assessments that prepare an organisation to be compliant with the GDPR and ready to defend any attack or data breach in practice. Our methodology consists of four phases.
At phase one a GDPR specific gap analysis is conducted parallel with a technical vulnerability assessment to understand the current level of cyber security on an organisation with accordance with GDPR. During the gap analysis there will be conducted a series of interviews with the organization’s Heads of Departments (HoDs), whereas there will be identified the categories of data that each department processes transfers and archives (Data Mapping) and the technical measures utilized in order to secure the data.
The phase two consist of the research for the legal basis of the data processing that the organization conduct, consultation on data minimization if it can be applied, consultation on if a DPO is required to be inplace for the organization, conduct DPIA if it is required. Then Draft the the data flows with their legal basis that the organization processes, and also the policies and procedures required by the Regulation that will be applied to the data in order to minimize the risk of data loss or data breach.
At phase three by reviewing thoroughly the input of phase one in regards with the organization’s IT infrastructure we will provide consulting and guidance for the appropriate technical measures that need to be taken by the organization.
At phase four we evaluate all the project and we make further improvements if deemed necessary. As human factor has a great influence on the proper implementation of any information management system such as GDPR, ASPIDA performs a training session to the organization’s employees.
We treat each customer individually according to their needs by designing tailor-made solutions while being at service 24/7.