From the 25th of May 2018, businesses have the legal obligation to comply with the new GDPR. Companies have to be prepared to satisfy the rights of data subjects and respond to violations of personal data privacy in less than 72 hours.
Non-compliance may negatively impact the organization’s image and reputation as well as the trust in the institution. Fines may be imposed of up to twenty million euros or four percent of turnover (the higher of the two) in the case of companies or groups of associated companies.
How XIS Group can help with GDPR compliance?
XIS Group brings together the experience and expertise to assist organizations in implementing GDPR.
We built up our own methodology which is supported by several international standards and good practices. The technique is applied to the evaluation of risks and controls, information security, and documentation of computer systems such as the ISACA Cobit 5.0 framework (a) and a number of standards of the series ISO 27000 and ISO 42010 (b).
We are experienced in the implementation of IT security policies and procedures, supported by ISO 27001 (c), in computer audits and assessment of computer security risks and controls, as well as in the implementation of computer security technologies and systems. They allow the identification of specific technical recommendations to meet the needs of each organization.
(a) COBIT 5 is a global business and management model for the governance and management of corporate Information Technologies. It enables organizations to maximize value and minimize risk related to information. This model covers globally accepted principles, best practices, and analytical tools that can help any organization mitigate critical business problems related to information and technology.
(b) The ISO standard (International Organization for Standardization) 42010 is used to establish a consistent practice for designing architectural descriptions in the context of the software life cycle, development, and maintenance processes.
(c) ISO 27001 is the standard and international benchmark for information security management.
XIS Group’s methodology for the implementation of GDPR
Here are the main steps of our methodology to implement GDPR compliance:
1. Knowledge assessment and certified training about the GDPR policies.
2. Implementation of GDPR with certified training. We also define alert procedures for the occurrence of incidents and for communication with the GDPR control authority.
3. Providing a DPO (Data Protection Officer) as a service.
The DPO is obligatory for all public authorities and bodies, regardless of the type of data they are dealing with. Also for other organizations whose main activity is to systematically control people on a large scale, or who treat special categories of personal data on a large scale.
In choosing the DPO, their independence and absence of conflicts of interest, also their professional and behavioral competencies, must be taken into account (Article 37 n. 5).
The DPO has to be the advocate of the GDPR in the organization and is competent and influential in the decision making in the area. XIS Group gives training to prepare the designated employee to become a responsible DPO. We also provide DPO as a service. This means that one of our expert colleagues will take care of the data protection compliance procedures and you don’t have to worry about it or spend time with it ever again.
4. Continuous evaluation – we create a plan for continuous evaluation and improvement, including periodic audits, analysis of indicators, review of procedures and codes of conduct, as well as ongoing training.
Our team will provide you ongoing support from the first steps and be next to you during the whole process, whenever you need us. Let us know if you need help to make sure that your organization is working according to the rules of GDPR. Read the feedback of our previous clients and don’t hesitate to contact us for more information.