Are You 100% Sure What’s Involved in GDPR Compliance?
CST are proud to have achieved 20 years of dedicated security experience, making us one of the longest-established specialists within the UK. We recognise that complexity can be the enemy of security. With so many security providers out there promising the world, stories of data leaks in the media and the sea of information available to IT departments, we understand how confusing it can be. We can help make security simple by clearly identifying what really matters to your business and ensuring that your precious time, money and resources are focused on the areas that count. Essentially, CST is here to complement your own resources and help fill any resourcing and skill gaps within your own security posture.
The need for better security measures is even more important now, with the new GDPR mandate coming into force on May 25th. Businesses must change the way they handle customer data to avoid incurring hefty fines. There are four main areas where CST can help you become GDPR compliant:
• Advice and Guidance
- expert consultation from our industry-leading specialists
• Information Discovery and Identification
- discover your sensitive data, who has access to it and where it is stored
• Data Control and Access Management
- applying access controls to the right people for the right data
• Data Protection and Encryption Solution
- protecting your data from loss either by malicious intent or accidental leakage
How we can help:
1. Introduction Workshop
a. Objective: Convey and explain the GDPR requirements and implications to key staff.
b. Method: Onsite discussion and presentation with key authority staff, email follow-up with summary of observations made during the session.
c. Effort: Half day.
2. Data Protection Impact Assessment (DPIA)
The DPIA is a key requirement of GDPR, as it demonstrates that the design of data privacy is being formally considered. It is one of the key steps suggested by the ICO.
a. Objective: Ascertain if GDPR is applicable to the organisation, the extent of the PII data in scope, and the high-level risks.
b. Method: Process mapping workshops to understand organisational work-flows and supporting data, followed by a risk assessment workshop to understand the risks associated with the data.
c. Effort: Process and risk workshops will be dependent upon the complexity and scope of the business. There are a number of options we can offer based on resource:
i. Full support: assess the effort as an output from the Introductory Workshop.
ii. Skills Transfer and support at agreed milestones, for example one day a week for a defined number of weeks.
iii. Skills Transfer where the Customer wishes to undertake the remaining work themselves.
3. Advanced Workshop
a. Objective: Assist with the creation of an implementation plan to meet GDPR requirements.
b. Method: Using results from the DPIA to work with key staff to map out information key requirements, staff responsibilities and information controls.
c. Effort: dependent on the complexity and the gaps as identified in the preceding stage.
4. ‘As needed’ Implementation Services
These are bespoke services where the organisation wants additional consultancy, either ad-hoc or as a formalised programme, to assist and help them with the implementation and adoption of new practices.
For more information on cyber security and information protection, please click here. To get in touch with CST to book or make an enquiry about our workshops, please contact us.