
ControlCase

IT Certifications, Continuous Compliance and Cybersecurity Services Provider


GDPR Assessment


General Data Protection Regulation

GDPR harmonizes data privacy law and regulation across Europe and governs the processing of personal data by controllers and processors. It applies to organizations established in the EU and, regardless of where they are established, to organizations that offer goods or services to individuals in the EU or monitor their behaviour. The protection attaches to the individual in the EU (the data subject), not to citizenship.

The EU General Data Protection Regulation (GDPR) replaced the Data Protection Directive 95/46/EC. It was designed to harmonize data privacy laws across Europe, to protect and empower the data privacy of individuals in the EU, and to reshape the way organizations across the region approach data privacy.

GDPR gives organizations a framework to define and design their approach to the privacy of the personal data they hold, to harness the value of that data, and to ensure the organization is fit for tomorrow's digital and cloud economy. ControlCase has a seasoned approach to conducting assessments and audits against many regulations, including what it terms the GDPR Data Impact Assessment (DIA). (The regulation's own term for the related exercise required for high-risk processing is the Data Protection Impact Assessment, DPIA, in Article 35.)

Data Impact Assessment

The Data Impact Assessment (DIA) domains include:

Strategy and governance by design to manage privacy data

Define an overarching privacy program governance structure, with roles and responsibilities, including a Data Protection Officer (DPO) where one is required, to coordinate, operate and maintain the program on an ongoing basis.

Policy management

Define formal privacy policies, procedures and guidelines that are consistent with applicable laws and regulations.

Data Identification, transfer, management & protection

Identify where your personal data is located. Define a cross-border data transfer strategy based on current and planned data collection, use and sharing, and keep current data flow diagrams. Create ongoing mechanisms to identify new personal data processing, and use technical and organizational measures and internal controls to safeguard the data.

Individual rights processing

Enable the effective processing of consent and of data subject requests, such as access, deletion (erasure) and portability, within the statutory response deadlines.

Privacy by design

Personal data protection must be built in at the design stage, not bolted on afterwards. The organization should develop a "privacy by design" strategy that incorporates privacy controls and impact assessments throughout the data lifecycle for new and changing uses of data.

Information security

Identify the information security controls already in place and align security practice with the privacy requirements: vulnerability scanning of in-scope assets, network and application penetration testing as applicable, defense in depth with firewall reviews, network segmentation for assets that hold personal data, logging and monitoring, and other information security controls.

Privacy incident management

Align incident response processes with GDPR requirements, including the duty to notify the supervisory authority of a personal data breach without undue delay and, where feasible, within 72 hours of becoming aware of it, and to notify the affected individuals when the breach is likely to result in a high risk to them. Establish a methodical approach to evaluating and reporting potential privacy breaches and incidents.

Data processor accountability

Establish privacy requirements for third parties (data processors and sub-processors) to mitigate the risks associated with their access to the organization's information assets and personal data.

Training and awareness

Define and implement a training and awareness strategy, at the enterprise and individual level, for employees and contractors on how to handle the personal data of individuals in the EU.

Where are you on the GDPR journey?

ControlCase recommends the following stepped approach to GDPR compliance:

[Figure: GDPR flow chart process]

ControlCase will conduct the Data Impact Assessment (DIA) as Step One in implementing an organization's GDPR program (the GDPR step priced in this proposal is highlighted in green in the chart).

GDPR Data Discovery Solution

The ControlCase Data Discovery solution is delivered as a managed service for identifying where the personal data of individuals in the EU is located. After the assets that may hold GDPR-relevant data points have been identified from the data flows of the business processes, the discovery tool is run against a sample of those assets to locate the data points. The results then feed an investigative process, largely interview-based, to identify other related GDPR data attributes that automated discovery cannot find.
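The following is an added illustration of what a discovery scan over sampled assets does in practice; it is not ControlCase's Card Data Discovery product or any code from this page. It scans a set of constructed sample "assets" (three in-memory files standing in for files pulled from the data-flow inventory) for two GDPR-relevant data points, email addresses and IBANs, reports where each occurs with the value masked, and uses the IBAN mod-97 checksum to discard pattern matches that cannot be real account numbers. The asset names, contents and the two patterns are assumptions chosen for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample assets: name -> content. In a real engagement these would be
# files or database extracts sampled from the assets found in the data-flow diagrams.
SAMPLE_ASSETS: Dict[str, str] = {
    "crm/export.csv": (
        "id,name,email\n"
        "1,Anna Muster,anna.muster@example.de\n"
        "2,Bob,bob@example.com\n"
    ),
    "finance/payouts.log": (
        "2023-05-01 payout to DE89370400440532013000 ok\n"
        "2023-05-02 payout to DE00370400440532013000 failed\n"  # bad check digits
    ),
    "app/config.yml": "db_host: db.internal\nretries: 3\n",  # no personal data
}

EMAIL_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
# Two-letter country code, two check digits, then 11-30 alphanumerics (IBAN length varies by country).
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")


def iban_is_valid(iban: str) -> bool:
    """ISO 13616 mod-97 check: move the first four characters to the end,
    replace letters with 10..35, and the resulting integer mod 97 must be 1."""
    rearranged = iban[4:] + iban[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(digits) % 97 == 1


def mask(value: str) -> str:
    """Keep the first and last two characters so a finding is recognisable
    without copying the personal data itself into the report."""
    if len(value) <= 4:
        return "*" * len(value)
    return value[:2] + "*" * (len(value) - 4) + value[-2:]


@dataclass(frozen=True)
class Finding:
    asset: str
    line: int
    kind: str
    masked: str


def scan_asset(name: str, text: str) -> List[Finding]:
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in EMAIL_RE.finditer(line):
            findings.append(Finding(name, lineno, "email", mask(m.group())))
        for m in IBAN_RE.finditer(line):
            candidate = m.group()
            if iban_is_valid(candidate):  # checksum filters out look-alike strings
                findings.append(Finding(name, lineno, "iban", mask(candidate)))
    return findings


def scan_assets(assets: Dict[str, str]) -> List[Finding]:
    findings: List[Finding] = []
    for name, text in assets.items():
        findings.extend(scan_asset(name, text))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, List[str]]:
    """Data point kind -> sorted list of assets holding it; this is the list that
    seeds the follow-up interviews and the data-flow review."""
    by_kind: Dict[str, set] = {}
    for f in findings:
        by_kind.setdefault(f.kind, set()).add(f.asset)
    return {kind: sorted(assets) for kind, assets in sorted(by_kind.items())}


if __name__ == "__main__":
    results = scan_assets(SAMPLE_ASSETS)
    for f in results:
        print(f"{f.asset}:{f.line} {f.kind} {f.masked}")
    print(summarize(results))
```

Two points worth noting for a real scan: the checksum step matters, because a bare pattern such as the IBAN regex matches plenty of reference numbers and hashes, and every false positive becomes an asset that someone has to interview about; and the report carries masked values only, so the discovery output itself does not become another copy of the personal data it was looking for.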


Corporate Headquarters
12015 Lee Jackson Memorial Hwy, Suite 520, Fairfax, VA 22033

About Us

ControlCase is a United States based company, headquartered in Fairfax, Virginia with locations in North America, Europe, Latin America, Asia/Pacific and the Middle East to serve our clients globally.

© ControlCase LLC 2023 | Privacy Policy | Impartiality Statement | Legal Notices