Solutions for GDPR compliance.
GDPR The General Data Protection Regulation
This is the EU regulation for data security and privacy that became effective May 25, 2018. GDPR applies to companies that control or process data
for EU citizens. The GDPR has specific security guidelines for protecting data with potential large fines for non-compliance (up to 10 million or 2% annual global turnover).
Data breaches must be reported within 72 hours of discovery.
Under GDPR, companies that work with EU data must be defined as a Data Controller or Data Processor.
Data Processors must work under the direction of the Data Controller as defined in a DPA (Data Processing Agreement)
along with a Data Transfer Agreement for Processors and Sub-Processors.
A third party audit must be completed each year to show continued compliance.
Companies must appoint a Data Protection Officer under GDPR (this can be a contracted position) to be compliant.
CSA - GDPR Code of Conduct Self-Assessment
The C of C Self-Assessment is used by CSP's to show compliance to GDPR for services offered to
clients located in EU member states or CSP's controlling or processing data that includes EU citizens.
Compliance consulting services for GDPR:
- Assistance to conduct initial or follow up assessment
- Gap analysis
- Remediation planning for compliance to GDPR articles
- Contract review for Data Processing Agreements and Data Transfer Agreements
- Data Protection Officer contracting role
- Assistance with CSA STAR - GDPR C of C yearly registration
- Consulting for updating and/or creating internal security / standard operating procedures
- Conducting third party Pen Testing (penetration testing) and vulnerability scans with reporting
- Consulting for continuous monitoring programs
- Conducting third party internal audits
- Conducting third party yearly security audit to maintain compliance
- SDLC review and consulting for compliance
- Software Quality Assurance review and consulting for compliance
Contact us today. We would be happy to discuss your software compliance needs for GDPR Code of Conduct assessments.