Are you ready?


General Data Protection Regulation (GDPR)

The European Union General Data Protection Regulation comes into force on the 25th May 2018. It will have a significant impact upon how organisations store, manage and process Personal Identifiable Information (PII) and Sensitive Personally Identifiable Information (SPII). On the 13th September the UK government introduced the UK Data Protection Bill to the House of Lords, which will “bring the European Union’s General Data Protection Regulation (GDPR) in UK law,” (Department for Digital, Culture, Media & Sport).

The directive will affect ALL countries processing European Union citizens’ data.

Kick start your compliance.

Many businesses are confused by the regulations of the GDPR and find them almost impossible to translate into a set of controls to implement across the organisation. With just one purchase you can now put in place the security baseline you need in order to meet the legislation and get compliant.

GDPR Security Threat & Risk Assessment is the process to define and to locate devices and systems that process, store or transmit Personal Identifiable Information (PII) and Sensitive Personally Identifiable Information (SPII).

What will we do?

  • Identify the location of systems that process, store or transmit PII and SPII.
  • Carry out a Network Security Vulnerability Scan of the systems that process PII and SPII.
  • Identify security threats to the PII and SPII that you hold.
  • Provide a list of actions in order to address the threats and reduce your risk of a breach.

What will you receive?

  • A comprehensive report which details remedial actions in order of priority to mitigate security threats to your systems that process PII and SPII.
  • A certificate of validation of compliance.

GDPR Compliance Gap Analysis identifies what your business is currently doing to protect Personal Identifiable Information (PII) and Sensitive Personally Identifiable Information (SPII). We compare that to what it must do to achieve compliance with the GDPR.

What will we do?

  • Conduct on-site analysis of your controls compared to those required for compliance to the GDPR.
  • Interview your compliance stakeholders and confirm the evidence produced is suitable against that required by the GDPR.
  • Perform a vulnerability assessment of the external IPs associated with your network.
  • Create a detailed report highlighting the gap between your existing operations and controls and those that are required for compliance to the GDPR.
  • Create a list of activities, in order of priority, that your business needs to undertake to gain compliance.

What will you receive?

  • Our comprehensive gap analysis against the GDPR.
  • The report listing your current compliance status.
  • An initial Project Plan, detailing the specific actions required for compliance.
  • Identification of the order of significance, allocated budget, resource and completion dates.
  • Telephone support from an information security compliance consultant.

GDPR Information Security Policies provide the security baseline for protecting Personal Identifiable Information (PII) and Sensitive Personally Identifiable Information (SPII), whether processed, stored or transmitted by your business.

What will we do?

  • Create a baseline GDPR information security policy for you to brand and implement.
  • Provide additional templates of recommended “control-level” procedures required for implementing the policies.
  • Conduct a workshop for stakeholders to ensure their understanding of the policies for implementation.
  • Telephone support from an information security policy specialist to answer any questions you may have.

What will you receive?

  • Customised GDPR Information Security Policies and recommended procedures.
  • A certificate of validation for compliance.
  • A half-day workshop for stakeholder understanding.
  • On-going advice and assistance regarding policy questions.

GDPR Subject Access Request Form is the template for a written, signed request from an individual to see information held about them. The Data Controller must provide all such information in a readable form within one month of receipt of the request and must not charge a fee for this request.

What will you receive?

  • A template Subject Access Request Form with your branding.

Network (External) Security Vulnerability Assessment Scanning is required to identify security vulnerabilities associated with the external-facing IPs of your network. Automated scanning technology is used to identify known vulnerabilities, such as configuration flaws and missing security patches and updates.

What will we do?

  • Provide security vulnerability scans each quarter of the external-facing IP addresses of your network for one year.

What will you receive?

  • Following each scan you will receive a detailed report of the findings, documenting any vulnerability identified and recommendations for mitigating that vulnerability.
  • Telephone support from an information security consultant following each scan.
  • Rescan two weeks after the original scan to ensure recommended remedial actions were effective.
  • A certificate of validation of compliance.

GDPR Network Security Penetration Test is used for evaluating the security integrity of a network that processes, stores or transmits Personal Identifiable Information (PII) and Sensitive Personally Identifiable Information (SPII) by simulating an attack.

What will we do?

  • Carry out one security penetration test of your network. 

What will you receive?

  • Detailed report of the findings listing any vulnerabilities identified with recommendations for mitigation.
  • Telephone support from an information security consultant to answer any questions you may have about the report or remediation.
  • Retest two weeks following the original scan to ensure recommended actions were effective.
  • A certificate of validation of compliance.

GDPR Website Security Penetration Test is to evaluate the security integrity of a website that processes, stores or transmits Personal Identifiable Information (PII) and Sensitive Personally Identifiable Information (SPII) by simulating an attack.

What will we do?

  • Conduct an application-level security penetration test of your website.

What will you receive?

  • Detailed report of the findings, including any vulnerabilities identified and recommendations for mitigating them.
  • Telephone support from an information security consultant to answer any questions you may have about the report.
  • Retest two weeks following the initial scan to ensure actions were effective.
  • A certificate of validation of compliance.

GDPR Security Awareness Training is the process to ensure that your employees understand the risks to the PII or SPII your business processes and the best practices for ensuring the security of this sensitive data. Training is provided through an internet portal and explains in simple language the requirement for protecting this information, current hacking techniques used to get access to this data and best security practice for keeping it secure.

What will we do?

  • Deliver an easy-to-use, on-line (30 minute) General Data Protection Regulation (GDPR) Information Security Awareness Training Course for your employees to learn best GDPR security practice.

What will you receive?

  • Effective course content with consistent, simple and meaningful messages useful outside of the workplace and so more readily accepted by both non-technical and technical employees alike.
  • Company & employee information security training validation certificates for award and evidence of compliance.
  • Monthly information security awareness bulletins to be included in your business's newsletters, intranet publications, or blogs.

Call 0121 468 0101 or enter your details below

Find Personal Identifiable Information in unstructured files

  • Automatically scan, identify and retrieve all PII and SPII in all documents stored within multiple systems.
  • Get an interactive dashboard to score the level of risk and exposure for PII and SPII and subject access requests.
  • Sensitive documents can be identified and workflows can be initiated for routing, classification, governance and quarantine purposes.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!