1995 saw the birth of the Java programming language, Windows 95, and the EU’s previous data privacy standard, 3 years before iMacs and Google and 5 years before the ILOVEYOU virus. Software and the Internet have changed greatly since 1995, as have the demands on data privacy.
You want your handling of enterprise data to comply with GDPR, which applies to anyone involved in the movement, processing or storage of personal data relating to EU/UK citizens, regardless of whether the party itself is located in the EU/UK. GDPR defines a stakeholder role (Data Protection Officer), various rights (erasure, data portability, data protection by design and by default), and certain handling requirements (explicit valid consent, data breach reporting without undue delay, auditable records of processing activity, and data protection by design and by default).
While a first, unintentional instance of non-compliance draws a warning, fines for violators can range as high as 4% of global annual turnover or €20M (whichever is higher), and can result in being barred from trading with all EU/UK entities. On the other hand, you don’t want to overspend on a GDPR solution or use an ineffective one. What reasonable GDPR decision should a business make to safeguard its assets?
QualiTest protects your interests by ensuring proper function of GDPR features in your software and finding potential security weaknesses that might make a data breach more likely. Together with our partner Searchlight, we do an in-depth study of both the business and technical controls to assess and identify design or business flaws to help minimize your risks so that you can properly enact changes to keep your business safe. As a result, you may experience changes in roles, technical solutions (mostly regarding security), business intelligence and data models.
Understand the Business → Assess Existing Processes & IT → Consider Options → Plan the Roadmap → Define the Organisation