Compliance Consulting Services in the European GDPR Regulation
Bringing a company into compliance with the requirements of the GDPR proceeds through the following stages:
- Identification of deficiencies/discrepancies (GAP Analysis Report): The existing level of compliance with the requirements of the Regulation is established through a detailed record of how personal data is managed in all the operating units of a company. The Gap Analysis Reports delivered at the completion of this stage identify all discrepancies and deficiencies, at both the organizational and the technical level, and set out the incorrect practices followed during the processing of personal data together with the corresponding corrective / improvement actions.
- Development of a Personal Data Management System: the compliance of a company with the legal framework for the protection of personal data requires extensive documentation, which must cover a large number of regulatory and technical issues. Aristi Consulting delivers a complete Management System with data security procedures and policies that on the one hand covers all legal requirements, and on the other hand aligns the operation of a business with the requirements of modern information security standards. As part of implementing the System, among other things, the existing contracts concerning the processing of personal data are audited, and templates for new or improved contracts, forms and files supporting the System's procedures are delivered. Our basic principle is that compliance with the legal requirements should be integrated into the business operation of a company as smoothly as possible.
- Data Protection Impact Assessment (DPIA): in cases where the processing of personal data may pose a high risk to individuals, an Impact Assessment Study (Data Privacy Impact Assessment) is prepared, through which the risks are identified, the measures to deal with them are evaluated, and additional data security and protection measures are proposed to reduce the risk and bring the processing into compliance with the requirements of the Regulation.
- Training: employees are trained on the proper processing of personal data. The aim is for them to understand the values and requirements of the Regulation on the protection of personal data, and to suggest good data management practices appropriate to each job. At the same time, the entire implementation of the GDPR compliance project functions as continuous training for the person appointed by the company as its Data Protection Officer.