GDPR Compliance
The General Data Protection Regulation (GDPR) is a comprehensive European Union law that took effect on May 25, 2018 and regulates data privacy and security. The GDPR unifies the EU member states' data protection laws under a single umbrella. Its objective is to protect personal data and the privacy rights of anyone who resides in an EU country or territory.
If you're an organization that collects, stores, or processes personal data on EU residents (regardless of location), you must comply with the GDPR. BitSpartan helps organizations become compliant with the GDPR by offering a range of information security and cybersecurity services that enable organizations to adhere to the GDPR privacy rights and data protection principles.
Who is required to comply with the GDPR?
- Organizations that collect personal data of EU residents
- Organizations that store personal data of EU residents
- Organizations that transmit personal data of EU residents
- Organizations that analyze personal data of EU residents
What is personal data?
Information, or a collection of pieces of information, that can be used to identify someone. The following are examples.
- Name
- Gender
- Physical Address
- IP Address
- Eye Color
- Location Data
- Email Address
- Political Affiliation
- Ethnicity
The GDPR Principles and Rights
Principles
1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality (security)
7. Accountability
Rights
1. Right to Information
2. Right of Access
3. Right to Rectification
4. Right to Erasure
5. Right to Restriction of Processing
6. Right to Data Portability
7. Right to Object
8. Right to Avoid Automated Decision-Making
Basic U.S. Checklist
- Conduct an audit for EU personal data
- Appoint a data protection officer
- Inform customers of the purpose of processing
- Designate a representative in the EU
- Data protection impact assessment, remediation and improvement
- Incident response plan
- Make sure data processing agreements exist with vendors
- Comply with cross-border transfer laws

Not all requirements are listed here, and not all of them apply to every organization. Our GDPR assessment will determine the requirements based on your business.
How we can help
If you are an organization just starting up or need a gap assessment done, we can help. BitSpartan helps organizations achieve GDPR compliance through advisory and information security services. With our GDPR readiness and gap assessments, we snapshot your current security profile, evaluate it against GDPR requirements, make recommendations, and assist in developing a roadmap to ensure a continuous compliance cycle.
GDPR Services
- Identify in-scope systems and processes (i.e., personal data mapping and inventory)
- Cyber risk assessments and penetration testing
- GDPR readiness and gap assessments
- Gap remediation
- Our suite of services to achieve compliance
- Our suite of services to maintain compliance
Ready for help?
We know what you're looking for and we know how to get you there. That's because, from a business perspective, we understand where you need to be. The majority of BitSpartan consultants transitioned from technical IT roles to management, where they provided governance, risk, and compliance expertise to top organizations in the private and public sectors. In the field, all consultants are either CISA, CGEIT, or CRISC certified, or trained and supervised by these certified professionals. Our strong technical and IT governance background, blended with assurance expertise, makes our team of consultants one of the best in the industry.