Overview and Services

Overview

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the European Council, and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The primary objectives of the GDPR are to give citizens back control of their personal data and to simplify the regulatory environment for international businesses by unifying the regulation within the EU. When the GDPR takes effect, it will replace the Data Protection Directive (officially Directive 95/46/EC) from 1995, which was enacted into British law via the 1998 Data Protection Act.

"personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address."

To book an impact assessment about how GDPR will affect your business, or for anything else GDPR-related, contact us at gdpr@procheckup.com.

Also make sure you check our 12 Steps to GDPR Compliance guide.

GDPR Services

Scoping

In order for ProCheckUp to conduct a suitably detailed assessment of a company, it is essential to understand the data environment and the processes to be assessed. This understanding is achieved through a scoping exercise conducted between the client (and any relevant third parties involved), the consultant who will be conducting the assessment, and the ProCheckUp Account Manager. One of the most crucial elements of this is establishing what you, as the client, want to achieve. With this in mind, the entire engagement can be tailored to meet the client's objectives.

Approach

ProCheckUp's approach is robust and holistic, working in partnership with our clients and following the engagement lifecycle below.

ProCheckUp Engagement lifecycle

ProCheckUp utilises a standard engagement model for all engagements, which is defined below:

Offering - Activities that take place before the execution of a consultancy assignment:

  • Pre-sales and identification of client needs
  • Creation of an agreement, typically covering:
      ◦ Context of the work
      ◦ Services and deliverables
      ◦ Approach and work plan
      ◦ Roles and responsibilities

Execution - Delivery of the services agreed at the offering stage to satisfy the client:

  • Refining the work plan
  • Implementing the agreed work plan
  • Assignment of staff, management, and mentoring
  • Approval and acceptance

Closure - Activities that take place at the end of a consultancy assignment:

  • Final client evaluation and agreement that the service has been delivered
  • Conclusion of obligations
  • Finalising payment
  • Any subsequent improvements to the service

The diagram below illustrates the full methodology of the GDPR Engagement with ProCheckUp.

Phase one - Pre-Compliance Assessment

The pre-compliance assessment involves understanding the size of the compliance risk to your business, determining where you stand, and creating a compliance programme tailored to your specific requirements. It gathers data to identify gaps between your current security posture and the requirements of the GDPR and any other applicable security standards.

The pre-compliance assessment will typically include:

  • Conducting an on-site review of IT infrastructure, network design and architecture, application architecture, policies, procedures and processes to determine non-compliant areas
  • Identifying your sensitive data environment (store locations) and determining your data flows:
      ◦ What personal data the company possesses
      ◦ Where it is transferred to (third parties) and backed up/stored
      ◦ How it is secured and marked throughout its lifecycle
  • Performing vulnerability assessment scans that adhere to industry good practice
  • A gap analysis comparing the pre-assessment of policies, procedures and processes, together with the scan results, against both industry best practice and the requirements of the EUGDPR
  • A risk analysis and recommendations report
  • Scoping and prioritising remediation activities

Phase two - Remediation

Based upon the results of the pre-compliance assessment, the remediation programme provides a controlled, focused and effective framework for achieving compliance. Our remediation programme will help your organisation develop, implement and document the evidence required to prove compliance with the EUGDPR. Where required, we will look to form close working relationships not only with your organisation but also with any third-party vendors involved in delivering hardware, software and services. The programme typically covers:

  • Corporate governance
  • Training and staff awareness
  • Policy and procedures
  • Aligning compliance with other standards and legislation
  • Third party management and agreements
  • Maintaining inventory
  • Information security controls

Phase three - Audit and report on compliance

At the conclusion of the remediation phase, ProCheckUp will manage the audit process. This phase involves a formal audit and includes the production of the Report on Compliance with the EUGDPR.

Phase four - Maintaining Compliance

Achieving compliance isn't a one-off exercise but a continuing journey.

It is vital that any process or technology decisions are taken with compliance in mind. ProCheckUp can assist by managing the overall compliance process, providing programme management from the initial pre-compliance assessment through to ongoing compliance.