EU GDPR – Core Intelligent Assessment

Our plus: The use of self-learning algorithms allows a scope of services that go clearly beyond the conventional GDPR assessment, especially regarding the essence of data protection issues. This affects the knowledge at which locations, in which infrastructure, on which storage media and storage locations, via which applications and processes is the personal data stored and processed. This is the foundation of every GDPR compliance. The more solid this foundation, the more gapless can the GDPR compliance be and the lower the corresponding liability risk.

Key challenges for the implementation of the GDPR

In organically grown IT environment the reliable, complete and therefore comprehensive overview of storage media, storage locations, applications and processes is often missing, in order to be able to check and implement a GDPR information or cancellation order by the subject concerned in accordance with the requirements.

The inventory of the IT infrastructure, virtually the cartography of the IT environment, is a fundamental requirement for coming to a GDPR compliance rule.

Security of personal data

a) Ensuring the data security and resilience of the systems according to the state of the art

b) Notification obligation of data breaches within 72 hours

High resource consumption to guarantee the rights of subjects concerned

c) Immediate or timely processing of requests for information

d) Effective implementation of requests for restriction and erasure

e) Documentation and required verification as the part of the reversal of the burden of proof

f) Automation of handling processes

Ensuring the GDPR compliance

Services within the EU GDPR Core Intelligent Assessment

1. Cross-location and organization-wide inventory of IT infrastructure with a focus on GDPR Relevance and creation of transparency regarding the storage and processing of personal data in IT systems. The creation of a holistic overview works simultaneously in 30 languages and eliminates the challenges of linguistic diversity during data processing in international companies.

2. Minimal involvement of the internal IT department and service providers. The service includes not only the entire service but also the deployment of the necessary hardware and software to prevent indirect costs. This comprehensive package guarantees a fast completion of the assessment and also protects internal and external resources.

3. Establishment of an OSI-10 layer, which continuously monitors compliance and reveals inadequate or lack of conformity (compliance) in the company.

4. Testing the data security and resilience of the systems.

5. Identification of relevant need to act even towards the data processing company prioritized according to risks, including guidance.

6. Control (governance) of the entire IT infrastructure and data management through a central information system, granular to the level of workplace-level applications and the ability to trace violations.

7. Increasing effectiveness and efficiency of information publishers, restrictions, contradictions and deletion requirements by concerned subjects by means of automated processes via a central data protection system.

8. Cost reduction – By using self-learning algorithms even demanding processes can be automated. Thus, the usually required high costs of resources and expenses for compliance with the GDPR can be significantly reduced.

9. Budget-saving assurance of GDPR compliance

The modularly structured assessment can be adapted to any field of activity and includes an industry-independent procedure. In the complex organizational structures this can be done in stages as well as in parallel depending on their structure. The central approach allows a cross-country coverage without the need to check it on site at the particular location. Implementation of new regulations without business disruption and aligned with business interests. The pace of implementation is adjusted to the strategic needs of the organization.

10. Reducing of critical risks

High penalties for violations of the GDPR up to 20 million Euro, or 4 percent of the achieved, annual turnover worldwide, in the last year.

– Private law claims also from the EU foreign countries.

– Liability of the management. In addition, the GDPR has provided a particular option of regression, as far as they process personal data.

– Risk of Liability for GDPR violations by Data processing companies and Service Providers.