Privacy Regulations
Data protection regulations apply to many organizations processing and/or storing personal data. At LBMC Cybersecurity, we want to make sure your organization is prepared. Many U.S. companies have questions about how these regulations impact them, especially pertaining to the types of personal data they store. As the legal landscape changes, such as with the passage of the California Consumer Protection Act of 2018 (CCPA) and most recently the Tennessee Information Protection Act (TIPA), companies of all sizes are seeking guidance. We can help answer questions on U.S. or international privacy regulations to help you comply.
GDPR (General Data Protection Regulation) Compliance Solutions
GDPR applies to all companies processing and holding personal data of data subjects residing in the EU, regardless of the company’s location. Enforcement began on May 25, 2018, and because GDPR is the most important change in international data privacy regulation in 20 years, we want to make sure your organization is prepared. Many U.S. organizations have questions about how GDPR impacts them, especially pertaining to the types of personal data they have, how the GDPR defines personal data, and the new protection laws covering that personal data.
LBMC Cybersecurity can help you answer these questions, determine if your organization is a controller or processor under GDPR (or both), decide whether you need to appoint a Data Privacy Officer, and understand how GDPR can impact your organization even outside the European Union (CCPA).
Our compliance and audit experts can help your organization with GDPR compliance in the following ways:
- GDPR Applicability Analysis—LBMC Cybersecurity can help your organization understand if GDPR applies. We will gain an understanding of your environment, your legitimate purpose in retaining personal data, and how you interact with EU citizens. This will involve a review of current data flows and interviews with key stakeholders.
- GDPR Readiness—A readiness assessment takes a deeper dive into how your organization is classified under GDPR. LBMC Cybersecurity will assist you in determining if you are a data controller or a data processor and walk you through determining which legal basis for processing personal data best fits your company. Once that foundation is laid, we can assess the impact of GDPR on an organization by understanding the current privacy maturity and data flows across the organization. We can also help you develop a list of GDPR compliance action items that should be taken, including defining whether your organization is a controller, processor, or both. We will identify key stakeholders and data flows, assess contractual obligations, and build GDPR into compliance program initiatives.
- Data Analysis and Classification—Our team can help your organization define and establish a data classification and labeling system, as well as review any existing data classification policies to ensure the protection of personal data as defined by GDPR, and map out an ongoing compliance strategy. By conducting an inventory of sensitive data types and performing an analysis of information and an inventory of data, we can then help you implement the appropriate controls to ensure GDPR compliance.
The Complete Guide to GDPR Compliance
- What is the GDPR and Why Should It Be On Your Radar?
- How to Know if the GDPR Applies to You
- Three Major Differences in the GDPR and Other Regulations
- How You Can Become Compliant with the GDPR
- How LBMC Cybersecurity Can Help You Become GDPR Compliant
How Data Governance Drives GDPR Compliance
There are many processes you can put in place to achieve GDPR compliance, but they all point to a larger concept—data governance.
Think of it this way:
If the processes your organization puts in place are puzzle pieces, data governance is the picture on the box you look to for guidance. It’s the big picture that makes all the little pieces make sense.
So, what exactly is data governance?
Data governance establishes an organization-level control environment to govern how data is processed, used, stored, and protected. At a minimum, it encompasses the following:
- What information your organization processes
- Where that processing takes place
- How it is processed
- The controls in place to ensure secure processing
How Can You Implement Data Governance in Your Organization?
First, understand what type of information your organization processes. This may seem overly simple, but it’s the starting point that will give you the most accurate picture of the necessary next steps in your data governance program.
You should accomplish this step using both technical and conceptual tactics. That is, you should conduct a technical analysis in which you analyze all databases and information systems to determine or verify the types of information processed.
In addition, you should conduct a conceptual analysis in which you lay out business processes to determine what information is processed and what happens to the information in the course of business.
You want to accomplish two things during this process:
1. Classify the information.
If your goal is GDPR compliance, you’ll want to focus specifically on “personal data,” which the GDPR defines as “any information relating to an identified or identifiable natural person (‘data subject’)”.
However, for other frameworks, you’ll also need to account for confidential or private data, so be sure to classify all information in your systems.
2. Create a data map.
In addition to knowing what type of information you process, you’ll also want to document when and where that information is processed.
The goal is to create a high-level depiction of the storage and processing of all data.
This is especially helpful when addressing Article 35, which requires performance of a data protection impact assessment (DPIA) when processing “is likely to result in a high risk to the rights and freedoms of natural persons.”
The DPIA requires “a systematic description” of processing as well as an assessment of the necessity and risks of those operations, including risk-reducing measures. Understanding what data you’re processing and how it flows through your organization will give you a head start on this requirement.
After you understand the “big picture” of when, where, and how your organization processes information, you’ll need to make sure you have the appropriate control environment in place to manage that information. Your data classifications will help drive the rigor of the controls established to protect the data. Data protection is one of the GDPR requirements.
The GDPR also enforces strict regulations for international data transfers. Creating a data map to see where personal data is transferred will allow you to understand the safeguards currently in place and the controls you may need to implement moving forward.
In addition, you will need to establish policies, procedures, and infrastructure to address individuals’ privacy rights.
For example, Article 15 of the GDPR allows users to request copies of their personal information or have that information deleted entirely. Do you have the infrastructure to allow ease of access to that information? In addition, do you have procedures in place to define how that information is to be gathered and transferred to the requester?
Finally, you need to train personnel in the policies and procedures used to guide appropriate data management. Although you may be able to implement the correct documentation and infrastructure to assist GDPR compliance, if employees don’t know how to use those structures, they become irrelevant.
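The classification, data-map, transfer-review and access-request steps above can be expressed as a small inventory model. The following Python is an added example written for this page, not LBMC tooling or anything the page itself provides; the systems, fields, records, region labels and keyword-based classification rules are all constructed, and treating health-related fields as a separate high-risk category that recommends a DPIA is an assumption of the example rather than a statement of the regulation.

```python
"""Added example: a minimal data inventory and data map for GDPR-style
data governance. Every system, field, record and rule below is constructed."""
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed classification rules: a keyword found in a field name maps the
# field to a category. "personal" follows the GDPR definition quoted above;
# "special" is this example's assumption for high-risk data (DPIA trigger).
CLASSIFICATION_RULES = {
    "email": "personal", "name": "personal", "phone": "personal",
    "ip_address": "personal", "diagnosis": "special",
    "sku": "business", "order_total": "business",
}

# Assumed region labels; anything outside this set counts as non-EU.
EU_REGIONS = {"eu-west-1", "eu-central-1"}


@dataclass
class System:
    name: str
    region: str                                   # where processing happens
    fields: List[str]                             # schema of the system
    transfers_to: List[str] = field(default_factory=list)   # downstream systems
    records: List[Dict[str, str]] = field(default_factory=list)


def classify_field(name: str) -> str:
    """Step 1: classify a field by keyword; unknown fields are surfaced, not hidden."""
    for keyword, category in CLASSIFICATION_RULES.items():
        if keyword in name.lower():
            return category
    return "unclassified"


def classify_system(system: System) -> Dict[str, str]:
    return {f: classify_field(f) for f in system.fields}


def build_data_map(systems: List[System]) -> List[Dict]:
    """Step 2: where data lives, whether it is personal, whether a DPIA is
    recommended, which transfers leave the EU, and which fields still need a label."""
    by_name = {s.name: s for s in systems}
    data_map = []
    for s in systems:
        cats = classify_system(s)
        entry = {
            "system": s.name,
            "region": s.region,
            "holds_personal_data": any(c in ("personal", "special") for c in cats.values()),
            "dpia_recommended": "special" in cats.values(),   # example assumption
            "international_transfers": [],
            "unclassified_fields": [f for f, c in cats.items() if c == "unclassified"],
        }
        for dest_name in s.transfers_to:
            dest = by_name[dest_name]
            # Flag personal data leaving an EU region for a non-EU region.
            if entry["holds_personal_data"] and s.region in EU_REGIONS \
                    and dest.region not in EU_REGIONS:
                entry["international_transfers"].append(
                    f"{s.name} -> {dest_name} ({dest.region})")
        data_map.append(entry)
    return data_map


def locate_subject(systems: List[System], identifiers: List[str]):
    """Article 15 support: find every record matching any known identifier of the
    requester and return only its personal/special fields, per system."""
    wanted = {v.strip().lower() for v in identifiers}
    hits = []
    for s in systems:
        for rec in s.records:
            if any(str(v).strip().lower() in wanted for v in rec.values()):
                hits.append((s.name, {f: v for f, v in rec.items()
                                      if classify_field(f) in ("personal", "special")}))
    return hits


# Constructed sample inventory (names, regions and values are made up).
SAMPLE_SYSTEMS = [
    System("crm", "eu-west-1", ["customer_name", "email", "phone"],
           transfers_to=["analytics"],
           records=[{"customer_name": "Ana Example", "email": "ana@example.com",
                     "phone": "+00 000 0000"}]),
    System("analytics", "us-east-1", ["email", "order_total", "sku"],
           records=[{"email": "ana@example.com", "order_total": "42.00", "sku": "A-1"}]),
    System("billing", "eu-central-1", ["email", "order_total", "invoice_note"]),
    System("clinic", "eu-west-1", ["patient_name", "diagnosis"],
           records=[{"patient_name": "Ana Example", "diagnosis": "constructed"}]),
]

if __name__ == "__main__":
    for entry in build_data_map(SAMPLE_SYSTEMS):
        print(entry)
    print(locate_subject(SAMPLE_SYSTEMS, ["ana@example.com", "Ana Example"]))
```

Two details carry the governance point. The map reports `unclassified_fields` instead of silently treating them as non-personal, so the classification step is forced to completion before the controls step. The subject locator matches on every identifier the requester is known by, not just an email address, because a record held under a name alone (the `clinic` system here) is still that person's data and must be found for an access request.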
The goal of data governance is to gain control of your data—to understand exactly where it is, how it is used, and the mechanisms for maintaining its security. It provides a big-picture compliance strategy that accomplishes the little details of data management.
GDPR is coming, and while data governance can help you understand the path to compliance, it can still be overwhelming. LBMC’s GDPR compliance services can help you analyze and classify your data as well as provide action items to prepare you for compliance. Contact us to learn how we can help you develop a GDPR-compliant control environment.