Security and management of personal data in accordance with legal requirements
Determine the scope of the law and find out how far you comply with its requirements
Get qualified advice, evaluate control effectiveness, and draw up an action plan
Introduce pragmatic and effective control mechanisms, which are in line with existing risks
In the first stage of complying with personal data security regulations, a company needs to know what personal data it processes. It should identify all communication channels through which it receives and/or sends data. Based on this process, the company needs to create a data inventory and assess privacy risks.
Once the data has been identified, redundant and outdated information should be deleted. The data should be classified and the following should be determined:
The purpose for which this data is being processed
After determining the volume and purpose of the personal data required by the company, data processing rules should be developed. The rules should be documented and shared across the company. Data processing risks should also be assessed, and the responsibility of the data protection officer, who will monitor whether data processing within the organization complies with the requirements set by the regulation, should be defined.
The company is obliged to take organizational and technical measures to ensure the protection of data from accidental or illegal destruction, alteration, disclosure, extraction, and any other illegal activity.
The security measures taken will cover issues such as:
More than 8 years of experience in the field of information security. Has been leading the cyber and information security management system at BDO for 2 years. During that time, under his leadership, the international standard for information security management ISO/IEC 27001:2017 was implemented.