GDPR Readiness Services
The GDPR will replace the older EU Data Protection Directive and takes effect in May 2018. GDPR stands for the European Union General Data Protection Regulation. There are currently 28 different sets of data protection laws across the European Union. The GDPR will replace these with a pan-European regulatory framework. As a Regulation, it is directly effective in all member states without the need for further national legislation.
The GDPR applies to all EU organizations, whether commercial businesses or public authorities, that collect, store or process the personal data of EU individuals. Organizations based outside the EU that monitor, or offer goods and services to, individuals in the EU will have to observe the new European rules and adhere to the same level of protection of personal data. The Regulation also requires such organizations (controllers and processors) to appoint an EU representative based in one of the member states in which the relevant individuals are based, unless the processing is occasional and does not include large-scale processing of special categories of data or processing of data relating to criminal convictions and offenses.
UK organizations handling personal data still need to comply with the GDPR, regardless of Brexit. The government has confirmed that GDPR will apply in the UK.
Fines/Penalties for GDPR
The GDPR allows DPAs to fine companies up to 4% of their international revenue or €20 million, whichever is greater.
How to Comply with GDPR?
The GDPR encourages the adoption of certification schemes to demonstrate compliance. Compliance with the international information security standard ISO 27001 can help organizations demonstrate that they meet the data security requirements of the GDPR. Implementing ISO 27001 and adapting it for the GDPR involves building a holistic framework of processes, people and technologies to secure information.
Why Us for GDPR?
We provide an end-to-end process for SOC Reporting Engagements. With data moving into the cloud and increased use of big data, cloud security and privacy concerns are on the rise. We conduct integrated cybersecurity engagements together with privacy engagements. The AICPA has developed the SOC reporting framework for privacy, which can help organizations ascertain their level of privacy maturity. More stringent regulations such as HIPAA and the EU GDPR, and the enforcement of these privacy requirements, are causing nightmares for organizations.
Some of the advantages of working with us are:
Privacy Compliance with SOC 2
The privacy laws encourage the adoption of certification schemes to demonstrate compliance. Compliance with the international information security standard SOC 2 for Privacy can help organizations demonstrate that they meet the data security requirements of the various privacy laws. Reporting on the Privacy Trust Services Criteria for privacy compliance involves building a holistic framework of processes, people and technologies to secure information.
Our Privacy Related Services
- Privacy Impact Assessment
- Privacy Consulting Services
- Assurance and Audit Services
- AICPA SOC 2 for Privacy Attestation