GDPR has no overarching standard of the kind the payment card industry has in PCI DSS, and no defined, auditable process accompanies the Regulation. Businesses are therefore left to establish their current level of compliance and to decide for themselves how best to achieve it.
Bytes has developed a range of GDPR auditing and compliance assessment services with specialist data consultancy partner Risk-X to aid in this process. Our services give businesses a clear picture of how compliant they are, together with the strategies and processes they can adopt to improve that position.
Current data singularity, accuracy, erasure & correction capability
Profiling of data store locations, clean up and design of storage
Document and design basis for data processing & consent collection
Legal counsel on basis of processing, storage and retention of data
Design of PII replacement solutions (tokenisation)
Privacy certification (ISO 29100) & privacy impact assessment
Assurance and penetration testing to assess solution strength
Designed in line with ISO27001, the international standard for information security management, the premise of GDP Base is to identify what data you hold and how you use it. Once you understand this, a Privacy Information Management System (PIMS) can be created to manage that data.
When you complete GDP+ you will have a workable Privacy Information Management System (PIMS) and will be able to address the 12 key points that the UK Information Commissioner's Office (ICO) has recommended UK businesses focus on to ensure they can meet the new Regulation.
GDP+ extends the work already completed into the operational, physical and technical areas of your business and considers the state in which controls are actually implemented. Consultants take the scope generated by the Base service and use ISO27001 (aligned with privacy frameworks) to review how your data is protected.
The GDP+ process looks at all areas of the business in scope for privacy information and provides a baseline of all controls in place. Further guidance is then provided so that you can remediate any failures. ISO27001 is well suited to this work because its control set lends itself directly to privacy requirements.
To speak to a Bytes consultant about GDPR auditing, contact the Bytes Security Partnerships team: call us on 0845 075 0560 or email us at firstname.lastname@example.org.