GET ASSISTANCE IN COMPLYING WITH THE GENERAL DATA PROTECTION REGULATION (GDPR), EU.

Globtier is an international business consulting & IT managed service company composed of experts specializing in risk, security tools advisory, IT and managed service consulting. We help solve problems in operations, technology, network risks and compliance. Our highly trained, results-oriented professionals provide a unique viewpoint on a wide range of perilous business issues for clients in the Americas, Asia-Pacific, and the Middle East.

Globtier is currently working with various organizations around the world to help them manage their IT services and security implementations, assess the implications of the GDPR on their business, and establish successful compliance programs that reflect the risk values of the organization. We recognize that there is no one-size-fits-all approach to GDPR compliance and that every business is different.

We are presently working with companies to perform top-down analyses of their business models to identify key risk zones. In addition, we are assisting managerial teams in defining GDPR compliance strategies that seek to minimize the impact on future business plans, including those related to digital transformation.

WHAT IS GDPR?

Any data relating to identifiable individuals – employees, suppliers, clients, etc.

  • Name
  • Addresses
  • Email Addresses
  • Telephone Number
  • Sensitive information

WHO IS AFFECTED?

Applies across all member states of the EU

Applies to all organizations processing the data of EU subjects – wherever the organization is geographically based.

DEMONSTRATING COMPLIANCE WITH GDPR

  1. Requirement to implement appropriate technical and organizational measures
  2. Maintain records of processing activities
  3. Data Protection Impact Assessments
  4. Requirement to appoint a Data Protection Officer
  5. Data Protection by Design & Default
  6. Codes of Conduct & Certification Schemes

HOW CAN GLOBTIER ASSIST?

GDPR MATURITY ASSESSMENT

Review current practices against GDPR requirements

  • Full data audits
  • Establish frameworks to address GDPR
  • Align to best practices

GDPR TRANSITION PLAN

  • Develop a roadmap to smoothly implement GDPR once the gaps are known
  • Privacy policy

INTEGRATION WITH OTHER FRAMEWORKS

  • Mapping of current framework with GDPR
  • We will integrate GDPR framework with ISO 27001, Privacy practices, PCI DSS etc.

GDPR SELF-ASSESSMENT CERTIFICATION

  • Carry out a self-assessment review of your GDPR implementation against the requirements and issue a review / certification report

DATA PROTECTION OFFICERS

We can provide data protection officers on a retainer basis to help with the implementation.

  • Recruit a full-time DPO if required

PRIVACY IMPACT ASSESSMENT

Globtier can perform one-time or periodic Privacy Impact Assessments as per the compliance requirements.

GDPR IMPLEMENTATION PROCESS:

  1. GAP ASSESSMENT

    We perform a gap review against an exhaustive list of compliance requirements.

  2. IMPLEMENTATION SUPPORT

    Data Inventory, DPIA, Training, answers to your queries.

  3. POLICIES & PROCEDURES

    • Policies for Privacy Framework
    • Policies for Information Security Framework

  4. COMPLIANCE AUDIT

    A GDPR readiness compliance audit report that can be shared.

WHERE TO START:


  • Each of the above phases can be optional and taken up in any order as per requirement.
    1. For example, implement GDPR on your own and take the Privacy policy Toolkit from us.
    2. Or, you can get a GDPR gap review only to learn what you need to comply with.
  • We can customize our offerings for each or any of the above four services.

GDPR – KEY DELIVERABLES

Milestones and their deliverables:

Gap Assessment

  • Detailed recommendation of gaps and weaknesses relating to GDPR and data protection regulations
  • A roadmap and overview of privacy program to meet privacy regulations

Personal Data Mapping

  • Data Flowcharts and Data Registers identifying all personal data across the company

Policies, Procedures & Implementation Support

  • Privacy Policy / GDPR policy along with key privacy notices
  • Update to ISMS and Information Security Policies
  • Data Retention policies
  • Training material PPT and other awareness materials
  • Incident Reporting and Data breach handling and reporting procedures
  • Risk Assessments
  • Consent / Data request handling procedures
  • Privacy dashboards and reports to Senior Management and Board
  • All key forms, formats and templates to run the privacy program

Training Session

  • One or two rounds of GDPR and Data Protection Trainings across the company through online mode

GDPR PROJECT APPROACH – BASIC:

GAP ASSESSMENT

  • Evaluate the Privacy Culture and control environment
  • Assessment of Data Protection Maturity
  • Gap Review against GDPR regulation and articles applicable
  • Recommendations and roadmap
  • Review of information security framework / Ability to protect data

DATA PROTECTION FRAMEWORK

  • Privacy governance and privacy policy
  • Security Policies and Procedures
  • Training and awareness
  • Data Breach Handling and Reporting processes
  • Privacy risk assessments and controls
  • Reporting and Monitoring Controls

IMPLEMENTATION CHECKS

  • Outline implementation plan
  • Support in Closure of Gaps
  • One round of internal audit against GDPR compliance

DATA MAPPING & PRIVACY ASSESSMENT

  • Data Inventory - Identify personal data across business processes and IT systems
  • Review of data inputs, processing and outputs
  • Tag Data Assets
  • Client contracts, retention policy review
  • Use of third party vendors and data transfers

FINAL GDPR COMPLIANCE AUDIT AND TRAINING

  • Independent assessment at operational and process level against GDPR guidelines
  • Issuing final assessment report
  • Half-day or one-day online training on GDPR regulation

DATA PROTECTION IMPACT ASSESSMENT (DPIA)


When your organization collects, stores or uses personal data, the individuals whose data you are processing are exposed to risks. These risks range from personal data being stolen or unintentionally released and used by criminals to impersonate the individual, to individuals being caused worry that their data will be used by your organization for unknown purposes.

A Data Protection Impact Assessment (DPIA) describes a process designed to identify risks arising out of the processing of personal data and to minimize these risks as far and as early as possible. DPIAs are important tools for negating risk, and for demonstrating compliance with the GDPR.

This document assumes that a DPIA will be conducted for a defined project, rather than for an organization’s operations as a whole. A particular function of your organization, or a programme of changes to your organization’s operations as a whole, may be viewed as a project.

Conducting a DPIA will improve awareness in your organization of the data protection risks associated with a project. This will help to improve the design of your project and enhance your communication about data privacy risks with relevant stakeholders. Some of the benefits of conducting a DPIA are as follows:

  • Ensuring and demonstrating that your organization complies with the GDPR and avoids sanctions.
  • Inspiring confidence in the public by improving communications about data protection issues.
  • Ensuring your users are not at risk of their data protection rights being violated.
  • Enabling your organization to incorporate “data protection by design” into new projects.
  • Reducing operational costs by optimizing information flows within a project and eliminating unnecessary data collection and processing.
  • Reducing data protection related risks to your organization.
  • Reducing the cost and disruption of data protection safeguards by integrating them into project design at an early stage.

Data Protection by design means embedding data privacy features and data privacy enhancing technologies directly into the design of projects at an early stage. This will help to ensure better and more cost-effective protection for individual data privacy.

Data Protection by default means that service settings must be automatically data protection friendly. While long recommended as good practice, both of these principles are enshrined in law under the GDPR (Article 25).