A cyber security firm has launched its GDPR Risk Assessment. Conducted by security, risk and compliance specialists, BeCyberSure says that its audit evaluates their GDPR (General Data Protection Regulation) readiness, as well as what needs to be done to ensure compliance, ahead of the May 2018 deadline for compliance.
GDPR will supersede the UK Data Protection Act 1998 and applies to every company that collects, processes or stores an EU citizen’s data, regardless of sector, size and geographical location. The firm points out that the enforcement of the regulation is unaffected by the UK’s vote last year to leave the European Union (EU).
The company says that its assessment is done on and off site by a GDPR specialist, beginning with a review of company policies and governance, procedures and processes, an assessment of physical aspects (such as access to buildings, storage of paper documents) and if deemed necessary a digital vulnerability test. The audit also involves formal and informal (covert) interviews with employees as well as heads of department.
Marketing Director at BeCyberSure, Carolyn Harrison, calls GDPR a company-wide issue that should not sit solely with IT: “Our assessment begins with people, policies and processes to reveal any possible vulnerabilities that would result in non-compliance. We then deep-dive, looking at what data the organisation is capturing, how it is processed, what consent has been given, where it is stored and how to dispose of unrequired information. The best technology in the world can be rendered useless, if an open door, whether physical or digital, creates the opportunity to access to data.”
After the audit, the organisation is presented with a confidential Advisory Report stating what action (if any) is required to ensure GDPR compliance. Harrison adds: “This report is invaluable in benchmarking where an organisation is today, where they need to get to and the best course of action to get there. They can then choose to implement the programme of work themselves, collaborate with BeCyberSure, or outsource the entire project to us.”
The firm adds that GDPR auditors have experience with backgrounds in risk management and compliance, cybersecurity, policing, intelligence services and the military. Harrison adds: “There is a lot of scaremongering about GDPR and whilst it is true that the potential fines are eyewatering and the threat of personal liability is daunting, if organisations act now, they still have time to put the necessary safeguards in place to be GDPR compliant. Undertaking a Risk Assessment is the first step in the due diligence process and it means that organisations are not spending unnecessarily in their route to compliance.”
Visit: www.becybersure.com.
