The General Data Protection Regulation, Regulation (EU) 2016/679 (the GDPR), adopted on 27 April 2016, comes into force on 25 May 2018. It strengthens the rights of individuals and increases the obligations of organizations that process personal data.
MGSI is composed of experts in information security and data protection, meaning that we are equipped to assist you in addressing the requirements of the GDPR on technical, legal, security and governance aspects.
Our services will help you transform this legal constraint into a business advantage.
The objective of a Gap Analysis is to determine the appropriate actions that need to be implemented to ensure compliance with the GDPR.
The first step consists of obtaining a global view of your personal data protection situation and then conducting an analysis of your current compliance with the GDPR through:
- The identification of the organizational measures in place for the protection of personal data (governance structure, policies and procedures);
- An inventory of the personal data processing activities currently being carried out, including their level of compliance with the current law and the effectiveness of these actions;
- An analysis of current processing operations and of the technical and security measures taken for collection, use, storage and disposal.
As an essential part of your data protection programme, to demonstrate compliance with the GDPR, a Gap Analysis highlights the impacts of the GDPR on your organization through:
- The identification of your level of compliance with the GDPR, for each of your processes;
- The determination of the actions to be taken to meet the requirements of the GDPR, taking into consideration the level of risk for your organization and the sensitivity of the operations for the persons concerned.
Contact us to plan the execution of your Gap Analysis with our experts.
Data Protection Impact Assessment
For data processing that may pose a high risk to the rights and freedoms of individuals, the GDPR requires a Data Protection Impact Assessment (DPIA) to be carried out.
MGSI relies on its expertise in data protection and its experience in risk analysis within information security to assist you in the execution of a DPIA and in particular:
- Determining whether a DPIA is required, and the methodology to follow, adapted to your organization;
- Executing the DPIA steps;
- Issuing the documentation associated with the DPIA that is required by the GDPR:
  - A description of processing operations
  - An assessment of necessity and proportionality
  - A risk assessment
  - The identification of organizational and technical measures to mitigate risks
- Drafting a final report for internal approval.
Contact us to assist you in the execution of your DPIA.
Compliance Audit/Project Assistance
You want to ensure compliance of your data processing with the GDPR:
- Before launching a new project, service or product;
- Before acquiring an organization, a product, or concluding a partnership.
Or you simply want to perform an external audit of the data protection management within your organization.
Contact MGSI to define with our experts an audit or support plan with a precise scope, objectives and timetable.
Our measures include:
- A description of the project/concept;
- A comprehensive inventory of processed data (data register, data mapping);
- The evaluation of actions taken according to the risk-based approach and the principle of “Accountability” (risk analysis, DPIA, BCR);
- A detailed report of recommendations identifying improvements to be made to ensure compliance with the GDPR.
The GDPR changes data protection management by applying a risk-based approach and the “Accountability” principle: it is up to organizations to demonstrate that data protection measures are appropriate to the identified risks, and that they comply with the rules of the GDPR in pursuit of respect for human rights.
MGSI has the expertise to support you with:
- The implementation of an integrated data protection programme within your organization;
- The drafting and structure of your data protection management documentation.
Contact us for more information on our support services.