GDPR Services

  • On-Demand Consulting (ODC) Advisory Services to establish a credible GDPR compliance program.

  • Managed Cybersecurity Services Program (MCSP) to monitor and maintain a GDPR compliance program.

  • Comprehensive risk assessment to identify GDPR compliance gaps.

  • Cybersecurity vulnerability assessment to determine security vulnerabilities.

  • Policy review and update to address GDPR requirements.

  • Development of tailored GDPR security procedures.

GDPR Executive Summary

  • General Data Protection Regulation (GDPR) has been effective May 25, 2018.
  • GDPR simplifies the regulatory environment for international business by unifying the regulation within the EU.
  • Addresses the export of personal data outside the EU.
GDPR Program

Who Does GDPR Impact?

  • Data Controller is under legal obligation to notify within 72 hours of the discovery of a breach.
  • Affected individuals must be notified if an adverse impact is determined.
  • Applies to data controllers and processors at organizations, if the data subject (individual) resides within the EU.
  • Individuals currently subject to DPA, are subject to the GDPR.

Preparing for GDPR Compliance

GDPR Compliance
  • Establish and document a framework of accountability in your organization.
  • Develop, publish and implement required policies and procedures, and regularly review and update them.
  • Train your workforce members and ensure they understand their obligations related to privacy and security.
  • Conduct a risk assessment and mitigate known vulnerabilities.

GDPR Personal Data

  • Personal data - Any data that can be used to identify an individual, including things such as genetic, mental, cultural, economic or social information.
  • Sensitive personal data - Special categories of personal data. For example, the special categories specifically include genetic and biometric data where processed to uniquely identify an individual.

GDPR Private Webinar: Complimentary!

GDPR

Training & Certification

CHP
  • Step through all major sections of HIPAA Final Rule.
  • Examine the HIPAA Privacy and Security Rules; HIPAA Transactions Code Sets and Identifiers.
CSCS
  • Evaluate U.S. state cybersecurity mandates, including California, New York, Texas and others.
  • Examine ISO 27001 and NIST standards.
  • Recognize key concepts to comply with the European Union (EU) General Data Protection Regulation (GDPR).
CCSA
  • Examine and build practical cybersecurity program.
  • Step through core components of an incident response plan.
  • Review key policies in the areas of risk assessment, mobile devices, cloud computing, encryption, and more.

In the News

Medical IoT Cybersecurity Solution: ecfirst Partners with Culinda!

Events

Encryption: Policy to Practice, Lower Risk, Increase Compliance! | ISACA Europe 2021 | Helsinki, Finland, Oct 20, 2021

Thought Leadership

Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP), HITRUST Certified CSF Practitioner (CCSFP) is the chief executive of ecfirst, an Inc. 500 business. He is a highly regarded information security and regulatory compliance expert.