GDPR Services

On-Demand Consulting (ODC) Advisory Services to establish a credible GDPR compliance program.
Managed Cybersecurity Services Program (MCSP) to monitor and maintain a GDPR compliance program.
Comprehensive risk assessment to identify GDPR compliance gaps.
Cybersecurity vulnerability assessment to determine security vulnerabilities.
Policy review and update to address GDPR requirements.
Development of tailored GDPR security procedures.

GDPR Executive Summary

General Data Protection Regulation (GDPR) has been effective May 25, 2018.
GDPR simplifies the regulatory environment for international business by unifying the regulation within the EU.
Addresses the export of personal data outside the EU.

Who Does GDPR Impact?

Data Controller is under legal obligation to notify within 72 hours of the discovery of a breach.
Affected individuals must be notified if an adverse impact is determined.

Applies to data controllers and processors at organizations, if the data subject (individual) resides within the EU.
Individuals currently subject to DPA, are subject to the GDPR.

Preparing for GDPR Compliance

Establish and document a framework of accountability in your organization.
Develop, publish and implement required policies and procedures, and regularly review and update them.
Train your workforce members and ensure they understand their obligations related to privacy and security.
Conduct a risk assessment and mitigate known vulnerabilities.

GDPR Personal Data

Personal data - Any data that can be used to identify an individual, including things such as genetic, mental, cultural, economic or social information.
Sensitive personal data - Special categories of personal data. For example, the special categories specifically include genetic and biometric data where processed to uniquely identify an individual.

GDPR Private Webinar: Complimentary!

Training & Certification

Step through all major sections of HIPAA Final Rule.
Examine the HIPAA Privacy and Security Rules; HIPAA Transactions Code Sets and Identifiers.

Evaluate U.S. state cybersecurity mandates, including California, New York, Texas and others.
Examine ISO 27001 and NIST standards.
Recognize key concepts to comply with the European Union (EU) General Data Protection Regulation (GDPR).

Examine and build practical cybersecurity program.
Step through core components of an incident response plan.
Review key policies in the areas of risk assessment, mobile devices, cloud computing, encryption, and more.

In the News

ecfirst Successfully Achieves CMMC C3PAO Candidate Status, October 28, 2021

Events

HIPAA Fines – Here’s What They are Telling Us | January 10, 2022

Thought Leadership

Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP), HITRUST Certified CSF Practitioner (CCSFP) is the chief executive of ecfirst, an Inc. 500 business. He is a highly regarded information security and regulatory compliance expert.