The General Data Protection Regulation (GDPR) comes into effect on the 25th of May 2018, and both private organisations and the public sector must comply. The lawmakers' predominant objective is to protect EU citizens from the unlawful processing of their personal data. At PERIMETROS we are certified data protection officers (DPO) from TUV Austria, so we have been trained extensively to understand how we can help your company comply with GDPR. Our methodology consists of seven (7) phases:
- Project kick off;
- Scoping of the personal data processing environment (reduction and minimisation);
- Data protection risk analysis, or in case of a new high risk processing environment, a data protection impact assessment (DPIA);
- Design and implementation of a data protection management system (DPMS);
- Implementation and configuration of technical security controls (e.g. file encryption);
- Operation of the DPMS and personnel training;
- Internal audit of the DPMS.
The above methodology ensures that management controls as well as technical, physical and cyber security controls are designed effectively and implemented properly, since management controls alone or technical controls alone do not suffice to comply with GDPR.
Additionally, PERIMETROS, as a managed services provider, offers managed DPO services to organisations that want to ensure continuous compliance with GDPR.