EU GDPR Program

EU GDPR Consultancy Services

ScanWave provides the following EU General Data Protection Regulation (EU GDPR) services:
  • Awareness session planning across company functions
  • Health check against central operations
  • Production of a coordinated strategy and roadmap
  • Remediation program for GDPR policies and procedures
  • Action forthcoming changes to the company culture
  • Conduct Data Protection Impact Assessment
  • Risk management for personal data stored, processed or transmitted
  • Measure your current state of compliance with EU GDPR
  • Data Protection Officer as a service

ScanWave believes that our approach and expertise will help you understand privacy requirements, your personal data environment, and how customers can avoid privacy breaches and potential penalties.
The ScanWave consultant team will provide you with confidence and assurance that your privacy risk management controls are designed appropriately and that the controls are mature enough to operate effectively in this changing legislative landscape.
 

Our High-Level Approach

ScanWave's privacy services, specifically those focused on GDPR, typically include the following:
1- GDPR awareness workshops: cover the key changes coming with GDPR and are delivered to all key stakeholders across the business (Marketing, IT, HR, Finance, Security, Business Operations).
2- Data mapping: identifies the personal data that is collected, created, received, processed, stored, and shared by an organization. It provides a view of how that personal data moves around the various internal/external processes, applications and systems.
3- GDPR health check: identifies the personal data that is collected, created, received, processed, stored, and shared by an organization. It provides a view of how that personal data moves around the various internal/external processes, applications and systems.
4- Strategy & Remediation: tailored support to privacy programmes in whatever way works for clients, including providing external, independent representation on privacy steering groups. We offer a GDPR policy and procedure set that we can tailor for clients.
5- Data protection as a service: GDPR allows for the outsourcing of data protection, including the data protection officer. We can provide services such as privacy risk screening, data protection impact assessment, and GDPR remediation.
 

Strategy & Remediation

On-premises and cloud components will be examined by the ScanWave expert team.
Through our strategy and remediation offering, we will be able to help assess your privacy risks according to business objectives and build a roadmap to remediation and compliance with the DPA (Data Protection Assessment) and EU GDPR.

1. DISCOVERY PHASE

Data Mapping, Health Check and DPIA
1- Map data flows across the business, from collection of data through transfer to third parties, backups, storage and deletion
2- Carry out a baseline assessment of the 9 Domains to identify where there are gaps against GDPR requirements
3- Identify privacy risks and solutions for projects, services, processes, systems and applications

2. PLANNING PHASE

Strategy, Training and Awareness
1- Using the current and target state model for people, process and technology, define a cohesive plan
2- Determine the potential impacts on scope, cost, resources and time
3- Develop an understanding of the key risks associated with achieving milestones
4- Prioritise the plan based upon the risk appetite and stance of the business
5- Commence training and awareness across the business

3. IMPLEMENTATION PHASE

Deliver Effective Change
1- Execute the plan: deliver on the people, process and technology changes that have been scoped and agreed
2- Keep pursuing the plan until all of the gaps identified have been remediated as per the intended operating model
3- Continue the process of training and awareness

4. OPERATIONALISE PHASE

Business as Usual
1- Ensure that ongoing adherence to requirements is achieved via regular KPI reporting against stated SLAs (internal and third parties)
2- Continuously improve the operating model to ensure that it keeps up with any changing requirements
3- Continue to perform DPIAs
4- Continue the process of training and awareness
 

ScanWave EU GDPR Privacy by Design Overview

Privacy by Design is a concept that integrates privacy into the creation and operation of new solutions, devices, IT systems, network, security and infrastructure, and even corporate policies. Developing and integrating privacy solutions in the early phases of a project identifies any potential problems at an early stage to prevent them in the long run.
Any action a company undertakes that involves processing personal data must be done with data protection and privacy in mind at every step. This includes internal projects, product development, software development, IT systems.
 

EU GDPR Privacy by Design Framework Foundational Principles

1- Proactivity and Prevention

    Privacy by design approaches the issues of privacy risks proactively. The issues must be prevented before they occur, and steps should be taken to mitigate the potential risks even before they become apparent. Poor security and privacy practices must also be recognized and improved early before they do any harm.

2- End-to-End Security

    Security and privacy of data must be ensured from the point of collection to the eventual destruction of data. At every point in the data lifecycle, it must be continuously protected and accounted for. The aim is to ensure there are no gaps in data security.

3- Privacy as the Default

    The principle of privacy by default mandates that the users’ data must be protected without requiring their input. Individuals should not have to do anything to ensure their data is safe – it should be safe by default.

4- Full Functionality – Positive-Sum

    Privacy by design should not compete against design objectives and technical capabilities of the product. Instead, it should transform the non-privacy compliant objectives in such a way that their value increases due to improved privacy and security.

5- Visibility and Transparency

    The key to accountability (and GDPR compliance) is transparency. All stakeholders, partners, and coprocessors must be vetted, audited, and open to external verification.

6- Privacy Embedded into the Design

    Privacy must be embedded into technologies, operations, and information architecture in a holistic, integrative, and creative way.

7- Respect for Privacy

    The GDPR demands that individuals’ rights be respected by requiring their consent before their data will be used, giving them access to their data at all times, and allowing for easy consent withdrawal.
 

EU GDPR Privacy by Design Benefits

  • Maintain compliance with EU GDPR through the year
  • Privacy risk reporting for top management
  • DPIA (Data Protection Impact Assessment) risk treatment plans
  • More visibility on GDPR activities across all the departments in scope
  • Track your DPIA results and make sure the risk treatment plan is implemented
  • Manage data subject access requests more effectively
  • Build repositories of data subject requests and customer complaints
  • Protect the end customers from fines and penalties
  • Identify privacy processes and risk per business line

Ready to Get Started?

“Our specialists are ready to tailor our security service solutions to fit the needs of your organization.”