GDPR – Intelligent Risk Assessment

Most important, the GDPR – INTELLIGENT RISK ASSESSMENT (GDPR – IRA) is addressed to medium-sized companies with the goal of relieving them of the legal and economic risks that arise from the entering of GDPR into force. The company-wide assessment refers to the survey of the exact actual state of the entire process chain in data processing up to the IT service in or outside the company. Attention is paid to identifying potential risks arising from the handling of personal data in day-to-day business.

The GDPR – IRA is offered exclusively as an additional service to GDPR – Core Intelligent Assessment (GDPR – CIA) as this forms the necessary and solid basis for GDPR compliance. The absolute added value of the GDPR – IRA is to be able to observe the company as a hybrid enterprise with all business units, national and international branches as well as partnerships such as suppliers, service partners and customers. Liability issues in such complex organizations must be efficiently and completely clarified as well as the non-compliant treatment by third parties and branch offices as a liability risk to the company may redound. The resulting loss of reputation can endanger the long-term existence of the company!

The company-wide risk assessment according to EU GDPR

Therefore, our audit has to take place company-wide according to EU GDPR and includes all internal and external data processors. If necessary, branches abroad are included in order to ensure unexceptional compliance with the EU GDPR. It doesn’t matter whether the data processing takes place internally abroad or by third parties. The audit can be extended to Fourth and Fifth parties to ensure that outsourced third-party activities do not pose a risk to the company. This refers to complex ramifications that occur through outsourcing of activities in nearshoring and offshoring in order to optimize costs.

Greater efficiency through our SOFTWARE-based process

We bring to your company our standardized procedure Customized Information Gathering (CIG) from our software product ROBOTIC GRC | 365 and achieve prompt results that reduce the risk and protect your budget. At the end of the project, you will receive a meaningful final report including a catalog of measures, a detailed description of our approach including an exact evaluation of risk potentials by internal and external parties.

The quality of our work has weight and can be submitted to authorities if necessary. The obligation of control by the management can be proven in any case. The GDPR- IRA is recommended to be repeated at intervals of 12 to 18 months. The effort and costs decrease by 40%, since the setup for the first audit can be reused.

WHAT IS INCLUDED?

Assessment of contractual obligations according to EU GDPR

Our national and international assessment and its subsequent implementation includes a comparison of the actual current situation of all parties, the processing operations and their contractual coverage of all activities for the company as follows:

1. Complete exclusion of loopholes between legal and technical issues to ensure full compliance even in hybrid companies.

2. Clarify liability issues, specify due diligence requirements and demand their compliance both internally and externally.

3. Provide support for necessary renegotiations with internal and external companies.

Standardized procedure ensures permanent compliance

Our standardized procedure for GDPR, CIG, ensures that all involved internal and external data processors are subjected to the same high-quality audit and the respective field of activity is specified:

1. The obtaining of information works through automated processes, which allows the affected parties a limited choice of answers in order to be able to carry out the subsequent evaluation in a fair and legally compliant manner.

2. Answering the questions takes place online with system login and asks the respondent at the designated places, to upload the GDPR relevant documents.

3. The questionnaires answered are checked and documented by the use of a GDPR template (Master Template).

4. Existing risks are immediately recognized by means of a score card principle. Misconduct will be communicated to the affected parties immediately with the request to refrain from doing so and to carry out improvements promptly or to forward documents.

Through this approach, our client ensures that all parties comply with the careful handling of data. Additions based on country-specific laws can be adjusted to allow deviations to be viewed and evaluated separately. In this respect, our standardized approach is adaptable to a repeating GDPR IRA and supports amendments to the law by the possibility to restrain a period of validity in order to define delimitations and to observe them.

Automated cross-checking allows rapid review of improvements

If it turns out that parties or organizations fall below thresholds when reviewed by the CIG, the survey will be automatically followed up and monitored.

1. If the required scores are missed, a shorter interval will be granted so that the party interviewed can implement improvements for a better rating. With a regular repetition of the CIG, the control obligation should be ensured especially by risk-taking bodies or organizations.

2. Behind the automation, hides artificial intelligence often referred to as RPA (Robotic Process Automation). It has the determining advantage of being resource-efficient and of avoiding human subjectivity and negligence in appraisals.

3. Weaknesses are detected by the system itself and it has the intelligence to initiate self-inquiry. It recognizes the need for it by itself.