VIRTUAL DATA PROTECTION OFFICER
GENERAL DATA PROTECTION REGULATION CAME INTO FORCE ON MAY 25TH 2018.
ARE YOU COMPLIANT? WHEN WAS YOUR LAST AUDIT?
General Data Protection Regulation came into force on May 25th 2018.
This new EU regulation has replaced the Data Protection Act.
Are your systems regularly audited? Are your policies and procedures up to date?
It is essential to ensure your GDPR compliance and to gain ‘buy in’ from key people in your organisation.
The GDPR places greater emphasis on the documentation that data controllers must keep to demonstrate their accountability. Compliance will require organisations to review their approach to governance and how they manage data protection as a corporate issue.
Can you guarantee the Confidentiality, Integrity and Availability of your systems? Do you have the correct policies and procedures? Are your staff fully trained and aware of GDPR? Have your systems been audited and penetration tested?
If not, ICARIS Sentinel can help.
Do we need a data protection officer?
Roles and Responsibilities
Who is responsible for information security?
Who is responsible for meeting legal and regulatory obligations?
Who is responsible for oversight of legal and regulatory obligations?
Who is responsible for contracts with data processors?
Who is responsible for identifying and managing privacy risks?
When was the last audit on your systems?
Data Protection Officers
Where does the role sit within the organisation?
The DPO should sit within a Risk, Compliance or Governance function
Outside delivery functions of IT or Business
The role is about delivering compliance
You can't have compliance under the direction of the delivery team
Independent of the business with direct access to the Board
An effective DPO will ensure that Data Protection is on the Board agenda
Have your policies, procedures and systems been audited?
Policies need to be regularly reviewed and audited to ensure compliance.
Electronic systems need penetration tests to ensure that they meet the security and integrity standards.
Independent reporting on your internal reporting systems.
Electronic systems should be tested for robustness and integrity to ensure security
Regular penetration testing of firewalls, websites and cloud-based systems
Phishing tests across the organisation
Internal structures tested for robustness, including folder structures, group structures and internal websites
Full independent reports on vulnerabilities
Why choose ICARIS Sentinel?
Fully qualified EU GDPR Practitioner
Experience in implementing and auditing GDPR requirements
Full online audit reporting tool
Full online system for recording policies / breaches / Subject Access Requests
Instant access to our advisors for guidance
Independent advisors to your organisation / no conflicts of interest
Dedicated advisor for your organisation
Reporting direct to Board Level
Full confidential service
Flexible service contracts
VirtualDPO can help
We always want to hear from you at Icaris Sentinel. Contact us today to find the customized Data Protection, IT policies and procedures that best fit your organisation's needs.
0845 075 8175
The content of this website and its social media feeds is copyright of Icaris Sentinel Limited, Unit 5, Benner Road, Pinchbeck, Spalding, Lincolnshire, PE11 3TZ.
Any redistribution or reproduction of part or all of the contents in any form is prohibited other than the following:
You may print or download to a local hard disk extracts for your personal and non-commercial use only. You may copy the content to individual third parties for their personal use, but only if you acknowledge the website as the source of the material.
Individuals may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system.
Organisations may not use, reproduce or exploit our content without our express written permission.
1.0 OUR CORE BELIEFS REGARDING USER PRIVACY AND DATA PROTECTION
User privacy and data protection are human rights
We have a duty of care to the people within our data
Data is a liability; it should only be collected and processed when absolutely necessary
We do not spam or support the practice
We will never sell, rent or otherwise distribute or make public your personal information