Chris Butler, Principal Consultant, Cyber Resilience & Security considers how you can get YOUR business ready for May 25th 2018…
The framework outlined by the EU General Data Protection Regulation (GDPR) is admirably designed to facilitate digital transactions, promote transparency, improve governance and enforce accountability. But implementing and maintaining GDPR-compliant processes within an organisation is no easy task. With the deadline now just months away, Sungard Availability Services can help.
Our experience of successfully implementing and managing data governance and regulatory compliance programmes makes us well-placed to achieve a practical, pragmatic implementation of the GDPR that takes into consideration your corporate culture and finite financial assets, industry good practice and the latest regulatory guidance.
One security expert claims GDPR could drive cyber criminals’ ransom demands higher. Previously, sums demanded have been fairly arbitrary because there was no way to determine exactly what data was worth to a targeted organisation. But this will change after the GDPR compliance deadline on 25 May 2018 when companies can be fined up to 4% of their global annual turnover or $20m, whichever is greater, if data is leaked and they are found to have not looked after it properly. He argues that this gives criminals a price point as they know companies might be willing to pay anything less than the full amount of the fine to avoid reputational damage by keeping the breach secret.
We can work with you to develop a suitable framework to comply with the GDPR’s provisions including:
Recognising that implementing the GDPR could have significant resource implications, Sungard AS can help develop awareness campaigns, as well as prepare and deliver training and awareness materials such as the Sungard AS GDPR Masterclass©.
Under the GDPR, organisations have a general obligation to implement technical and organisational measures to show that they have integrated data protection into processing activities. In GDPR terminology this is known as data protection by design and by default. Sungard AS can review and improve your organisation’s processes.
Our GDPR-compliant DPIA tool, which can be run in French and English, is an efficient way for companies to identify how best to comply with data protection obligations and meet individuals’ expectations of privacy. It allows different business teams to identify and fix problems at an early stage, reducing the associated costs and damage to reputation which might otherwise occur.
(Note: Despite the similarity between their names, the newly-defined Data Protection Impact Assessment (DPIA) is not the same as the more well-established Privacy Impact Assessment!)
Companies should have procedures in place to detect, report and investigate a personal data breach. The GDPR introduces a duty on all organisations to report certain types of data breach to the Supervisory Authority and, in some cases, to the individuals.
Sungard AS has an unsurpassed global reputation for helping organisations to improve their crisis management capabilities with services including simulations and exercises. We can advise you on developing your response to a breach.
Perhaps one of the biggest changes brought in by GDPR is moving from implicit to explicit, purpose-bound consent, which must be “freely given, specific, informed and unambiguous”. This means organisations need to be clear what they intend to use an individual’s personal details for, and make that purpose clear. We can guide you on the ramifications you need to consider in light of this clause.
Companies that have processing activities in several countries will typically fall under the jurisdiction of multiple supervisory authorities. We can help controllers understand how the GDPR applies to their processing activities in the different national contexts across the EU.
If personal data needs to be transferred, adequate safeguards must be in place. Sungard AS can advise on the best mechanisms to perform personal data transfers lawfully.
For years, certification marks and seals have served as a mark of trust for consumers, showing the organisation adheres to certain principles. Sungard AS can help companies attain the relevant Privacy Seal.
1. Comprehensive proprietary methodology based on:
We follow the Plan-Do-Check-Act (PDCA) model used in ISO/IEC 27001 as our structure for developing and delivering assignments as the four-step process supports continuous improvement.
2. Expertise and experience – Our GDPR-certified data governance and data protection consultants are all highly experienced. Sungard AS is a corporate member of the International Association of Privacy Professionals (IAPP), which has appointed one of our consultants a Fellow of Privacy.
3. Comprehensive range of services spanning the data protection spectrum – These can be tailored to your organisation’s needs and strategy and include:
GDPR presents opportunities for companies that manage their data well to grow and exploit new markets, build a more sustainable bottom line and gain an enhanced reputation in the marketplace. But, with sanctions coming into force in May, the clock is ticking!
For more information about GDPR support from Sungard AS, please email firstname.lastname@example.org.