Using more than twenty-five years of experience in information security and information technologies, we offer a wide array of products and services. This makes it possible to meet the majority of the new European legislative standard requirements. There is no need to solve all the required measures using your own internal resources. Our specialists can help you with a number of them. Such outsourcing is also cost-effective in many cases. GDPR complexity requires a comprehensive approach to managing privacy. AEC offers a unique pairing of knowledge in the area of systematic information security management and deployment of appropriate security technologies.
Analysis of Compliance with GDPR Requirements
The foundation for proper implementation of GDPR requirements is a detailed comparison between the current state and data protection requirements as defined in Regulation. That is the only way to ensure the effective implementation of all GDPR requirements. AEC can prepare a detailed analysis and recommend a suitable procedure and scope of implementation.
Design and Implementation of Processes and Methodologies
GDPR is based on the principle of “privacy by design” and a “risk-based approach.” This requires not only the introduction of new security processes and methodologies within an organization, but it often has an impact on the context of information systems’ architecture and applications. These include procedures for reporting security incidents, information obligations, or the right to erasure. AEC can design and implement processes and a methodology customized to the organization’s environment.
Processing Management Documents
An essential part of personal data protection is appropriate organizational management documentation (policies, directives etc.) that demonstrates compliance with GDPR requirements. AEC can prepare governing documents or modify the extent of existing internal policies and processes to be consistent with respect to GDPR requirements.
Implementation of Technical Measures
The basic GDPR requirement to ensure the protection of personal data is to guarantee their confidentiality, availability and integrity. This implies the deployment of adequate technical measures to ensure proper security and to identify a security breach (Data Loss Prevention, Network Behavior Analysis, SandBox, cryptographic tools etc.). AEC can design and implement appropriate technical solutions according to the individual needs of organizations.
Data Protection Impact Assessment
Data Protection Impact Assessment is an essential tool to ensure high security of personal data while handling any personal information, such as profiling, processing sensitive data or carrying out public area monitoring (CCTV), etc. AEC can assess the obligation of the organization to implement DPIA and if such obligation arises, it can propose the appropriate method of implementing DPIA in existing (e.g. project) methodologies. In addition, AEC can also provide the processing of specific DPIA analysis, including any consultation with the Supervisory Authority.
Data Protection Officer – DPO
One of the new GDPR requirements for compulsory subjects is to appoint a Data Protection Officer. This role requires a person with sufficient experience and expertise in the area of personal data protection. There is an expectation that there will be a shortage of suitable candidates for the DPO position in the job market. However, this role can also be outsourced. This service can be provided by AEC with their experienced and certified consultants to ensure the fulfillment of all the obligations of the DPO.
Implementation of GRC Solutions
GDPR creates many partial duties, particularly for large organizations processing a large volume of personal data. GRC solutions (Governance, Risk and Compliance) can be an essential element that enables the effective management of personal data protection and compliance to GDPR requirements, including monitoring the extent of compliance. AEC can provide optimal design and implementation of appropriate GRC solutions, with their team of experienced consultants for this purpose.