Cyber Security Requirements
Defines lawfulness of processing data to include consent by data subjects, privacy by design, the right to be forgotten and data portability requirements
Outlines responsibilities of controllers and processors
Requires Privacy Impact Assessment and appointment of a data protection officer
Enforces strict breach notification requirements
This regulation is unprecedented, and it is imperative that your organization develop a plan for execution to include people, process and technology. Your security department should assess itself across the six key security components of GDPR and develop a business-aligned plan in conjunction with the IT and legal teams.
Understand GDPR regulations as they relate to the business and then activate a plan to meet those obligations.
Analyze what data within the environment is relevant to GDPR and develop a proper classification scheme for ongoing data management.
Determine where sensitive data is stored across your environment and set up policies and procedures to manage it.
Recognize who has access to data and set up policies and procedures for access management and governance.
Prepare for the chance of an incident and ensure that plans are in place to meet GDPR obligations regarding the handling of sensitive information.
Plan, build and run an appropriate security program for the protection of sensitive information.
SMCPL has the proven ability to look at your organization's security and privacy program holistically. Our goal is to help your business evolve and improve your security program, and as a result, meet GDPR requirements, not the other way around.
SMCPL can help your organization to not only create a plan, but execute and maintain that plan to include people, process and technology. If you are just getting started or already executing to a GDPR roadmap, SMCPL provides solutions to reach GDPR compliance without the noise.
The time has come to execute – a great place to start is with SMCPL’s GDPR Readiness Review and implementation.