GDPR Services

  • On-Demand Consulting (ODC) Advisory Services to establish a credible GDPR compliance program.

  • Managed Cybersecurity Services Program (MCSP) to monitor and maintain a GDPR compliance program.

  • Comprehensive risk assessment to identify GDPR compliance gaps.

  • Cybersecurity vulnerability assessment to determine security vulnerabilities.

  • Policy review and update to address GDPR requirements.

  • Development of tailored GDPR security procedures.

GDPR Executive Summary

  • General Data Protection Regulation (GDPR) has been effective May 25, 2018.
  • GDPR simplifies the regulatory environment for international business by unifying the regulation within the EU.
  • Addresses the export of personal data outside the EU.
GDPR Program

Who Does GDPR Impact?

  • Data Controller is under legal obligation to notify within 72 hours of the discovery of a breach.
  • Affected individuals must be notified if an adverse impact is determined.
  • Applies to data controllers and processors at organizations, if the data subject (individual) resides within the EU.
  • Individuals currently subject to DPA, are subject to the GDPR.

Preparing for GDPR Compliance

GDPR Compliance
  • Establish and document a framework of accountability in your organization.
  • Develop, publish and implement required policies and procedures, and regularly review and update them.
  • Train your workforce members and ensure they understand their obligations related to privacy and security.
  • Conduct a risk assessment and mitigate known vulnerabilities.

GDPR Personal Data

  • Personal data - Any data that can be used to identify an individual, including things such as genetic, mental, cultural, economic or social information.
  • Sensitive personal data - Special categories of personal data. For example, the special categories specifically include genetic and biometric data where processed to uniquely identify an individual.

GDPR Private Webinar: Complimentary!

GDPR

Training & Certification

CHP
  • Step through all major sections of HIPAA Final Rule.
  • Examine the HIPAA Privacy and Security Rules; HIPAA Transactions Code Sets and Identifiers.
CSCS
  • Evaluate U.S. state cybersecurity mandates, including California, New York, Texas and others.
  • Examine ISO 27001 and NIST standards.
  • Recognize key concepts to comply with the European Union (EU) General Data Protection Regulation (GDPR).
CCSA
  • Examine and build practical cybersecurity program.
  • Step through core components of an incident response plan.
  • Review key policies in the areas of risk assessment, mobile devices, cloud computing, encryption, and more.

  In the News

Connect with ecfirst at the Defense TechConnect Innovation Summit, Washington, DC, November 28, 2023

  Events

Webinar—Beyond NIST, CMMC Certification: Fusion and Future, October 30, 2023

  Thought Leadership

Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP), HITRUST Certified CSF Practitioner (CCSFP) is the chief executive of ecfirst, an Inc. 500 business. He is a highly regarded information security and regulatory compliance expert.