IMPLEMENTATION OF MANAGEMENT STANDARDS


CONSULTING AND IMPLEMENTATION OF GDPR (GENERAL DATA PROTECTION REGULATION)


THE STAGES OF CONSULTATION ON GDPR REQUIREMENTS CAN BE BROADLY DIVIDED INTO:
  • GAP analysis and assessment of the current level of compliance;
  • preparation of rules and procedures for implementing the requirements of the GDPR;
  • assistance in implementing those rules and procedures and bringing the organization into full compliance with the Regulation;
  • monitoring of GDPR compliance.
 
GAP analysis
During the GAP analysis, the current level of compliance of the organization's processes with the requirements of the GDPR is assessed. Our consultants take part both in the assessment of the existing processes related to the processing of personal data and in the assessment of the IT tools used to process such data. The assessment criteria are the requirements of REGULATION (EU) 2016/679 together with the control mechanisms and good practices set out in ISO 27001 and ISO 27002. The purpose of the GAP analysis is to determine whether the adopted practices and the IT tools in use ensure the right of personal data owners (data subjects) to:
  • receive timely information about the use of their data;
  • view and correct their personal data;
  • be "forgotten" (have their personal data deleted from a register, system, archive, etc.);
  • restrict the processing of their personal data;
  • be notified in case of a compromise (unauthorized access, use, modification or deletion) of their personal data or a restriction of its processing;
  • have their data transferred to another personal data controller;
  • object if they disagree with the way their data is processed or used;
  • not be subject to decisions based solely on automated processing, including profiling.
 
The specific analyses and assessments that are performed are primarily in the field of:
  • the organization and accountability in the processing and use of personal data;
  • the degree of centralization of data protection;
  • data protection levels;
  • the level of consistency of the data;
  • data management rights;
  • data compromise notification mechanisms;
  • actions in international data transfers;
  • data protection roles and responsibilities;
  • the overall level of compliance with the GDPR.
 
Preparation of rules and procedures for implementation of the requirements of the GDPR
Based on the performed GAP analysis, the consulting team:
  • proposes the necessary changes in the business processes related to the collection and processing of personal data;
  • proposes the necessary changes in the IT environment (networks, systems, databases, etc.) for data processing;
  • offers appropriate control mechanisms when working with data;
  • develops the necessary set of rules and procedures, in accordance with the GDPR, to be implemented in the organization;
  • develops reporting and notification mechanisms.
When developing the rules and procedures, the requirements of REGULATION (EU) 2016/679 are complied with, as are the good practices laid down in ISO 27001 and ISO 27002.
 
Assistance in implementing the rules and procedures for implementation of the requirements of the GDPR and bringing the organization into full compliance with the Regulation
During the implementation of the rules and procedures for compliance with the requirements of the GDPR, the consultants provide:
  • training – of the key employees engaged in the implementation of the new requirements;
  • consulting – assistance in the implementation of new or changed business processes, internal controls, work organization and reporting.

At this stage, the consultant's work can significantly reduce the effort required, raise the level of understanding and implementation, shorten the implementation time, and provide a realistic preliminary assessment of the results of the completed GDPR implementation.
 
Monitoring of GDPR compliance
Successful implementation of the requirements of the GDPR can be established by conducting an internal audit of the business processes related to the processing and administration of personal data. The audit is carried out on a sample basis, following the entire life cycle of randomly selected personal data.

A guarantee for the continued fulfilment of the requirements is the implementation of a procedure for constant monitoring and surveillance of the personal data management processes. Within the annual audit program, activities for analyzing and evaluating the design and implementation of all activities and control mechanisms related to maintaining GDPR compliance should be added.

Depending on the activity and structure of the organization, the following areas are covered to a greater or lesser degree in the planning of the audit:
  • personal data – identification, confidentiality, owners, coverage;
  • characteristics and scope of the activity – administrator, territorial units;
  • legal basis for administration of personal data – volume, nature;
  • transparency of the processing and administration process;
  • level of data protection and accountability;
  • respect for the rights of the owner of personal data;
  • data security level;
  • monitoring and response in case of data breach (leakage, change, deletion);
  • international data transfer outside the EU;
  • use of subcontractors in administration.
 




Implementation of management standards

CONSEJO EOOD is a consulting company formed by a team of consultants with over 15 years of experience in management systems in the field of international standards. The focus of the company is the provision of consulting services in the development and implementation of management systems that meet the requirements of international standards for quality, the environment, safe working conditions, information security, good production practices based on international standards: ISO 9001, ISO 14001, ISO 45001, ISO 22000, ISO 27001, IFS Food, HACCP and others.

The CONSEHO team has participated in the realization of projects in all branches of the economy. The projects implemented by the CONSEHO team are over 1000, in the fields of production and design, construction, trade, information and communication technologies, transport and forwarding, hotel and restaurant industry, special production, energy, design, food industry, services, etc. The company has established a strict procedure for monitoring the compliance with the agreed requirements with the clients, both the terms of the contracts and the quality of service performance. The established working style of the company consists of developing real management systems together with our customers, on the basis of conducting multiple trainings and providing full assistance in the implementation process. Through its approach to work, CONSECO ensures and guarantees trouble-free certification of the built systems in extremely short terms.
