Compliance with GDPR

Preparing for GDPR is difficult: it requires changes to both software and practice concerning security, breach notifications, and new permission-based features. QualiTest, partnered with Searchlight, can help you achieve compliance for your EU & UK data needs that apply starting May 25, 2018.

1995 saw the birth of the Java programming language, Windows 95, and the EU’s previous data privacy standard, 3 years before iMacs and Google and 5 years before the ILOVEYOU virus. Software and the Internet have changed greatly since 1995, as have the demands on data privacy.

You want your handling of enterprise data to comply with GDPR, which applies to anyone involved with the movement, processing or storage of personal data related to EU/UK citizens, regardless of whether or not the party itself is even located in the EU/UK. GDPR defines a stakeholder role (Data Protection Officer), various rights (erasure, data portability, data protection by design and by default), and certain handling assumptions (explicit valid consent, data breach reporting without undue delay, auditable processing activity records, and data protection by design and default).

While a first, unintentional instance of non-compliance is punished by a warning, fines for violators can range as high as 4% of global annual turnover or €20M (whichever is higher), and can result in being barred from trading with all EU/UK entities. On the other hand, you don’t want to overspend on a GDPR solution or use an ineffective one. What reasonable GDPR decision should a business make to safeguard its assets?

QualiTest protects your interests by ensuring proper function of GDPR features in your software and finding potential security weaknesses that might make a data breach more likely. Together with our partner Searchlight, we do an in-depth study of both the business and technical controls to assess and identify design or business flaws to help minimize your risks so that you can properly enact changes to keep your business safe. As a result, you may experience changes in roles, technical solutions (mostly regarding security), business intelligence and data models.

Understand the Business
  • Understand your GDPR obligations
  • Assess your existing procedural controls against GDPR requirements
  • Business Process Framework to capture scope of process controls
  • Determine GDPR implications for supply chain partners

Assess Existing Processes & IT
  • Assess business processes against GDPR
  • Assess applications & technology architecture against GDPR
  • Assess 3rd party supply chain compliance
  • Identify new controls – process, technical and procedure

Consider Options
  • Confirm remediation options to address process compliance gaps
  • Confirm technical remediation options to address compliance gaps
  • Confirm 3rd party remediation options
  • Establish a risk-based assessment of all remediation actions

Plan the Roadmap
  • Confirm budget for all remediation actions
  • Create an agreed roadmap between the business & IT, supported by business priorities and constraints
  • Mobilise remediation team

Define the Organisation
  • Define delivery management controls to ensure on-going compliance
  • Assess GDPR implications on roles & organisation design
  • Introduce appropriate segregation of duties within the business & across 3rd parties