
SERVICES
Data First - Defend your organization from within.
GDPR GAP Analysis
The General Data Protection Regulation audit will check whether the company complies with the standards set by GDPR, look for any potential risks to the data, and find out how these risks can be reduced. We have implemented and assisted with GAP analyses in different domains, such as Retail, Financial Services, Agriculture and Health Care.
Review of Policies and Procedures
As part of the GDPR GAP analysis, all policies within a company are reviewed. Within the GDPR implementation phase, necessary policies and procedures are reviewed or created in order to achieve and maintain GDPR compliance. We have created templates or specific policies and procedures for different departments of a company, such as Human Resources, IT, etc. Furthermore, there are several GDPR policies that are created for all employees, such as the General Personal Data Processing Policy.
Creating / Reviewing ROPAs
In order to ensure GDPR compliance, each department of a company must have a Record of Processing Activities. For example, any process within the Human Resources department that uses the information of employees must be recorded. The ROPAs must include information related to the records of consent, location of data, retention schedule etc. While working with clients, I have created ROPAs for several different departments within a company, such as IT, Operations, HR, and other specific departments depending on the industry of practice.
Supplier / Vendor Relationship
An important part of data protection is the responsibility that falls onto companies regarding the security of personal information. When companies are controllers they are responsible for the protection of data. In contrast, most vendors and third parties used are processors of personal data, therefore not having any responsibility regarding the data. To ensure compliance, we have assisted companies in establishing the relationship between them and the third parties they used, based on which there are different approaches to be taken. Furthermore, we have created Data Processing Agreements (DPAs), offered third party questionnaires and held interviews in order to ensure that adequate measures have been taken to protect data. In this case, we have worked with several third parties within software development.
Creating / Reviewing DPIAs
Data Protection Impact Assessments show the technical measures that a company has taken to ensure data protection regarding a specific application or process. Furthermore, this includes any recommendations to ensure an adequate level of data protection within the process. Based on the CNIL tool (French Data Protection Authority tool), I have drafted several DPIAs for: (1) the implementation of software applications, such as CRM or ERP tools, (2) the development of software applications in the healthcare industry, the commercial industry, and (3) the implementation of different intrusive processes, such as CCTV surveillance or GPS surveillance of employees.
Assistance in Privacy Related Issues
As GDPR consultants, we have offered advice on different compliance matters. For example, we have created an executive summary regarding the special requirements of marketing legislation in Spain and France for a client that thought of expanding its business. We have analysed the use of Facebook Pixel and Google Analytics, offering different security measures in order to ensure a higher degree of data protection. Moreover, we have analysed the legitimate interest of companies (conducting LIAs - Legitimate Interest Analyses) in several commercial, marketing and IT processes.
Assistance in Cyber Related Issues
As cyber security consultants, we have offered advice on different technical matters. For example, we have analysed the use of Facebook Pixel and Google Analytics, offering different security measures in order to ensure a higher degree of data protection. Moreover, we have analysed and made suggestions on the technical measures of our clients' servers.
Technical GAP Analysis
The technical audit will check whether the company complies with specific standards or the standards set by the NIS Directive. We look at the existing security measures and suggest potential measures that must or can be taken into consideration for improving the existing cyber security status of the company. We have implemented and assisted with GAP analyses mostly within the Financial Services industry.
Reviewing TOMs
Technical and Organisational Measures are necessary in several national regulations and different standards. As cyber security professionals, we help companies successfully identify and implement TOMs based on each need.
ABOUT
Our Experts Are the Finest
Protego Data offers security, compliance & privacy technical support in any aspect of your company. We thrive in a fast-paced, dynamic and innovative environment, highly motivated towards delivering exceptional, resilient and adaptable results.
We ensure that the organization’s data is confidentially stored, that data integrity is ensured, and that data is available at all times for the authorized users. We evaluate the informational systems of your company and help your business comply with applicable laws, policies and standards related to IT, Privacy and Data Protection.
Protego Data is certified in Information Systems Auditing and Privacy Technology. We are on a mission to offer you the solutions you need to guarantee the highest quality of your products and services.
CERTIFICATIONS & ASSOCIATIONS




