GDPR Compliance: Swascan risk analysis

GDPR Compliance

The introduction of the General Data Protection Regulation brought several changes for companies. These changes are measurable in terms of Technology, Organization, Policy, Staff and Control Systems. Which steps do companies need to follow, and which activities do they need to carry out, in order to be compliant? The Swascan GDPR Compliance services flyer, which shows the path towards compliance, is now available.


GDPR Consultation: professionalism and competence


Swascan GDPR consultation covers several fields, all of them managed by experts and professionals.

  • Legal: lawyers and experts in the legal and regulatory field regarding Privacy and GDPR;
  • Governance: corporate governance pros with specific skills in Business Process Analysis and Policy Framework;
  • Information Security: cybersecurity experts with skills in the design and implementation of Security and Data Governance technological frameworks;
  • Risk analysis: risk assessment and risk management experts in terms of Organization, Process and Technology.

GDPR Compliance: the steps to follow

Swascan provides a modular path that allows companies to comply with the General Data Protection Regulation (GDPR).

A step-structured path that lets companies focus on the preliminary activities needed to review organizational and IT processes and satisfy the requirements of the law.


Start to be GDPR Compliant

  • Step 1: GDPR Assessment
  • Step 2: Assessment
  • Step 3: Data Impact Analysis

My Company is GDPR Compliant

  • Step 4: GDPR Governance
  • Step 5: Data Protection Officer
  • Step 6: Training and Maintenance

The goal is to ensure compliance with the regulation in a way that is effective, efficient, sustainable and coherent with the business reality.

A modular way to approach GDPR


Start to be GDPR Compliant: Assessment & Risk Analysis

Modules:

  • Start: GDPR Assessment
  • Assessment:
    • Data Assessment
    • Organizational Assessment
    • Technological Assessment
  • Data Impact Analysis
    • Organizational / Legal Risk Analysis
    • Technological Risk Analysis

Results:

  • Identification of the level of compliance, providing a Privacy Compliance index
  • Mapping of the Processing Activities
  • Organizational Assessment: assessment in terms of Policies & Procedures
  • Technological Assessment: assessment in terms of ICT Security Measures
  • Organizational and Technological GDPR Gap Analysis
  • Risk Analysis to identify, analyze and evaluate organizational and technological risks
  • Identification of the required activities and of the organizational and technological measures for GDPR Compliance

My company is GDPR Compliant: Ready for GDPR & Maintenance

  • GDPR Governance
  • DPO
  • Training & Maintenance

Results:

  • Writing the Legal Documentation
  • Writing the Policies, the Procedures and the Measures for Corporate Security
  • Scouting and Identification of the ICT Security Measures
  • Writing of The Record of the Processing Activities
  • Staff training Activities
  • Data Protection Officer – related service
  • GDPR Framework Maintenance and Updating Activities

Start to be GDPR Compliant

Here you can see Swascan activities in terms of Assessment and Risk Analysis.

GDPR Assessment:

  • Objective:
    • Identifying the as-is situation in terms of regulation requirements
  • Results:
    • Identifies the level of compliance providing a Privacy Compliance index
    • Highlights the flaws in the current privacy management system and identifies the top-priority areas for compliance
  • Activities:
    • Interview
  • Output:
    • PDF Report

Assessment:

  • Objective:
    • Writing the inventory of processing activities, organizational structure, procedures, policies and security measures
  • Results:
    • Processing Activities Inventory
    • Inventory of the Data Processing purposes and methods
    • Organizational Structure Analysis
    • Inventory of the Policies and Procedures
    • Inventory of the physical Assets involved in Data Processing
    • Inventory of the IT Assets involved in Data Processing
    • Inventory of the Security Measures
    • Inventory and Analysis of Consents and Information to be provided
  • Activities:
    • Interview
    • Network inventory
  • Output:
    • Data Inventory PDF Report
    • Governance Inventory PDF Report
    • Regulation Inventory PDF Report
    • Technical Inventory PDF Report

Data Impact Analysis:

  • Objective:
    • Carrying out a Data Impact Analysis and a GDPR Gap Analysis
  • Results:
    • Organizational and Technological GDPR Gap Analysis
    • Risk Analysis to identify, analyze and evaluate organizational and technological risks
    • Identification of the required activities and of the organizational and technological measures for GDPR Compliance
  • Activities:
    • Interview
    • Vulnerability Assessment
    • Network Scan
  • Output:
    • Vulnerability Assessment PDF Report
    • Network Scan PDF Report
    • Data Impact Analysis and Risk Analysis PDF Reports
    • Action Plan PDF Report

My company is GDPR Compliant

Here you can see Swascan activities in terms of GDPR Compliance and Maintenance.

GDPR Governance:

  • Objective:
    • Arranging the legal documentation, policies, procedures and technological solutions for GDPR Compliance
  • Results:
    • Writing the Legal Documentation
    • Writing the Privacy Notices (informative)
    • Writing the Offer Letters
    • Writing the Policies & Procedures
    • Identifying CyberSecurity solutions
    • Writing the Record of the Processing Activities
    • Writing the Data Breach policy
    • Writing the Privacy by Design Policies & Procedures
  • Activities:
    • Interviews
    • Writing of the Documents
    • Technological Scouting
  • Output:
    • Legal Documentation – Word Documents
    • Organizational Documentation – Word Documents
    • Technological Solution – PDF Document

Data Protection Officer:

  • Objective:
    • Supporting the company by providing legal advice and organizational and technological consultation as Data Protection Officer
  • Results:
    • Informing the controller and the people responsible for the processing about the duties deriving from data processing
    • Monitoring the implementation and the application of the controller's policies in terms of data protection
    • Monitoring that the controller reports data breaches to the supervisory authority without undue delay, in compliance with the regulation
    • Monitoring the effectiveness, the efficiency and the application of the DPIA
    • Cooperating with the Supervisory Authority
  • Activities:
    • Interviews
    • Audit
    • Intervention in case of need
  • Output:
    • Report of the carried out activities
    • Report of the identified criticalities

Training & Maintenance:

  • Objective:
    • Staff training and constant improvement and supervision activities
  • Results:
    • Staff training activities
    • Periodic Activities of Organizational Risk Analysis
    • Periodic Activities of Technological Risk Analysis
  • Activities:
    • On-site training
    • Interview
    • Vulnerability Assessment
    • Network Scan
  • Output:
    • Vulnerability Assessment PDF Report
    • Network Scan PDF Report
    • Data Impact Analysis and Risk Analysis PDF Reports
    • Action Plan PDF Report