GDPR

EU General Data Protection Regulation

The General Data Protection Regulation (GDPR) is “designed to harmonize data privacy laws across Europe, protect and empower all EU citizens’ data privacy, and to reshape the way organizations across the region approach data privacy.” GDPR legislation establishes consistent rules for managing personal data of EU citizens.

What does that mean for US companies?

GDPR applies to any organization that handles personal data of EU citizens. Data processors and data controllers alike, regardless of their geographic location, are subject to the regulation. If your organization handles personal data of EU citizens, you must comply directly with GDPR or with the E.U.-U.S. Privacy Shield Framework, which provides companies on both sides of the Atlantic with a mechanism for meeting data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.

How Can Pratum Help?

The GDPR applies a significant amount of pressure to organizations that process EU citizens' personal data, which can be anything from a name, photo, email address, bank details, or posts on social networking websites to medical information or a computer's IP address. These regulations are tough but not insurmountable. In fact, Pratum can help your organization prepare for the May 2018 deadline in many ways, one of which is helping organizations comply with the Privacy Shield Principles and assisting them with self-certification for the U.S. Privacy Shield program with the United States Department of Commerce.

Cybersecurity Services for GDPR

General Data Protection Regulation (GDPR) & Privacy Shield Controls Review

Pratum’s general controls review gives organizations an understanding of how well they align with the standards set forth by the GDPR, which is set to be enforced in May 2018.

Services include:
  • Performing a data inventory to determine the scope of data and entities covered by GDPR and Privacy Shield requirements.
  • Identifying and registering with an Independent Recourse Mechanism.
  • Developing a privacy policy to meet EU GDPR and Privacy Shield requirements.
  • Performing a third-party compliance review for the self-certification verification process.
  • Generating the materials required to complete the self-certification process for U.S. Privacy Shield.

Data Classification Review

Pratum performs a review of the data classification policy or standard and the effectiveness of its implementation. If no formal documentation exists, Pratum will draft a Data Classification Standard based on NIST SP 800-60 and FIPS 199. Security categories are assigned according to the potential impact on an organization should certain events occur that jeopardize its information and information systems. The review will rate that impact as Low, Moderate, or High for each of the three security objectives for information and information systems:

  • Confidentiality
  • Integrity
  • Availability