GDPR Compliance Consulting - MD11 ICT Engineering & Consulting

MD11 in Consortium with
Institute for standards and technology Ltd. Belgrade

If you need help getting started on GDPR Compliance Project Implementation or you need DPO – Data Protection Officer Services contact us to begin with the first step.

Our privacy and ISO consultants helping companies and organizations to be complaint with the General Data Protection Regulation (GDPR) and to be conform with ISO standards. Contact our team of seasoned operational and technical specialists for packages to align with the business needs. The whole business mindset related to data protection and privacy is reshaped with the implementation of the GDPR.

The businesses are no longer able to use the personal data of consumers for unnecessary reasons. The organizations need to upgrade data security and management practices while using and processing personal data. Also, the businesses noncompliant with the law need to get compliant with the right kind of solutions, and organizations are obliged to make changes to policies, processes and contracts, as well as in technical and organizational measures which could be complex and significant.

How we can help you become GDPR compliant

At the time of designing the complex policies and workflows related to GDPR, a broad range of expertise is needed. It is advisable to contact our company for the best advice on compliance. The expert consultant team will ensure data protection and information security, in complex regulatory circumstances. Get in touch with our consultants and IT security experts and be compliant with the data protection law in the EU.

GDPR compliance solutions

GDPR Gap analysis

This unique service will identify areas your business needs to address in order to be GDPR Compliant. Get a detailed assessment showing your company’s current GDPR compliance position, and a remediation plan to address the gaps and risks with our GDPR gap analysis. Similar to an audit these assessments provide a compliance gap analysis but tend to be a lighter-weight approach than a full audit, meaning faster results and more time to implement recommendations.

GDPR Data mapping

Data mapping is a combination of your data inventory and your data flow. Data mapping is a system of cataloguing what data you collect, how it’s used, where it’s stored, and how it travels throughout your organization and beyond. Data maps require the input of nearly every department, especially IT, legal, marketing, and HR departments. Furthermore, documenting every bit of data should be closely supervised by either your data protection officer (DPO), or a senior member of your privacy team. Data mapping is not a one-time activity. While it should be carried out as soon as possible – especially if you’re subject to comply with the GDPR – data mapping is an ongoing activity that should be implemented into your regular business practices.

Data protection impact assessment (DPIA)

Under Article 35 of the GDPR, if you process data using new technologies, or in a way that potentially puts consumer rights and data at risk, you’re required to perform a data protection impact assessment (DPIA). Because you don’t know the data protection risks of introducing a new system or process you need to get an assessment of the data protection risks associated with your new process and a remediation plan to mitigate those risks. DPIA is a process designed to help you systematically analyse, identify and minimise the data protection risks of any project.

GDPR Training and awareness

If you need to make sure that staff and management understand their responsibilities under the GDPR we deliver our ISO/IEC 17024 certified GDPR training courses as well as awareness sessions specifically tailored to your company’s requirements.

find out more

GDPR Project Compliance implementation

The aim of the GDPR Project Compliance implementation is to establish comprehensive management system with audit assessment to evaluate and measure the compliance of your organization towards GDPR requirements. A GDPR Management System and audit assessment provides an efficient governance and an estimate evaluation of the ongoing processes in your organization in terms of risks and benefits which need to be considered in order to achieve compliance to the GDPR.

The implementation process with audit assessment duration will be determined based on the size of your organization, scope, and business & process complexity. We believe that GDPR management System with audit assessment is an important step at this stage of your organization growth in regards to the greater transparency and information of your clients about the concept of data protection and individual privacy rights. It includes Data protection frameworks, Policies and procedures, Data processor management, Information security, Incident management, International data transfers, Compliance documentation, etc.

GDPR compliance frameworks:

Organizations that do not already have a privacy compliance framework can use a standardised framework to demonstrate GDPR compliance. There are currently two recognised standards or frameworks that could be used: ISO/IEC 27001 and ISO/IEC 27701.

ISO 27001-compliant information security management system (ISMS)

The risks described above and similar regulations catching on elsewhere can also be viewed as an opportunity. The more regulations from different countries overlap, the easier it becomes to manage international compliance using international ISO standards:

ISO/IEC 27001 to establish and certify Information Security Management System within the organization
ISO/IEC 27701 to establish and certify Privacy Information Management System within the organization
ISO 27001 & ISO 27701 & GDPR to train and certify Internal Auditors within the organization

Globally, if the trend continues, these ISO standards will overlap with the GDPR more and more. Achieving GDPR compliance now will put non-EU companies well prepared to deal with any change that happens in the activity well prepared to deal with any change that happens in the data privacy and protection area, because even if they are not focused on the EU market, similar standards are likely to appear in their home markets sooner or later.

From its inception, the EU was designed to facilitate commerce across the continent. GDPR was drafted in that same spirit and offers companies the opportunity to unify their data privacy policies instead of having to fumble with disparate laws and standards that vary from country to country. Companies that are GDPR compliant will therefore have access to an entire economic zone which had a combined nominal GDP larger than that of China and only slightly behind the United States.