GDPR Services

  • On-Demand Consulting (ODC) Advisory Services to establish a credible GDPR compliance program.

  • Managed Cybersecurity Services Program (MCSP) to monitor and maintain a GDPR compliance program.

  • Addressing GDPR mandates.

  • Comprehensive risk assessment to identify GDPR compliance gaps.

  • Cybersecurity vulnerability assessment to determine security vulnerabilities.

  • GDPR cybersecurity strategy workshop (1-day program, delivered at your site).

  • Policy review and update to address GDPR requirements.

  • Development of tailored GDPR security procedures.

GDPR Executive Summary

  • The General Data Protection Regulation (GDPR) has been in effect since May 25, 2018.
  • GDPR simplifies the regulatory environment for international business by unifying the regulation within the EU.
  • Addresses the export of personal data outside the EU.
GDPR Program

Data Breach Requirements

  • The data controller is under a legal obligation to notify within 72 hours of the discovery of a breach.
  • Affected individuals must be notified if an adverse impact is determined.

Who Does GDPR Impact?

  • Applies to data controllers and processors at organizations if the data subject (individual) resides within the EU.
  • Individuals currently subject to the DPA are subject to the GDPR.
GDPR Compliance

Preparing for GDPR Compliance

  • Establish and document a framework of accountability in your organization.
  • Develop, publish and implement required policies and procedures, and regularly review and update them.
  • Train your workforce members and ensure they understand their obligations related to privacy and security.
  • Conduct a risk assessment and mitigate known vulnerabilities.

GDPR Personal Data

  • Personal data - Any data that can be used to identify an individual, including things such as genetic, mental, cultural, economic or social information.
  • Sensitive personal data - Special categories of personal data. For example, the special categories specifically include genetic and biometric data where processed to uniquely identify an individual.

GDPR Strategy Workshop


Training & Certification

  • Step through all major sections of HIPAA Final Rule.
  • Examine the HIPAA Privacy and Security Rules; HIPAA Transactions Code Sets and Identifiers.
  • Evaluate U.S. state cybersecurity mandates, including California, New York, Texas and others.
  • Examine ISO 27001 and NIST standards.
  • Recognize key concepts to comply with the European Union (EU) General Data Protection Regulation (GDPR).
  • Examine and build a practical cybersecurity program.
  • Step through core components of an incident response plan.
  • Review key policies in the areas of risk assessment, mobile devices, cloud computing, encryption, and more.

Act Now for GDPR Compliance!

Time is running out for businesses ill-prepared for the May 2018 introduction of the EU’s GDPR. Failure to comply may result in fines up to 4% of annual global revenue or €20 million — whichever is greater! Schedule an ecfirst GDPR Cybersecurity Strategy Workshop Now!


In the News

Medical IoT Cybersecurity Solution: ecfirst Partners with Culinda!


Cybersecurity Certification Program Confirmed for Delivery in Des Moines, Nov 6, 2019.

Thought Leadership

Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP), CCSFP (HITRUST) is the chief executive of ecfirst, an Inc. 500 business. He is a highly regarded information security and regulatory compliance expert.