GDPR Compliance
The General Data Protection Regulation (GDPR) is a comprehensive European Union law that took effect on May 25, 2018 and regulates data privacy and security. The GDPR unifies the EU member states' data protection laws under a single umbrella. The GDPR's objective is to protect personal data and the privacy rights of anyone who resides in an EU country or territory.
If you are an organization that collects, stores, or processes personal data of EU residents (regardless of where your organization is located), you must comply with the GDPR. BitSpartan helps organizations become compliant with the GDPR by offering a range of information security and cybersecurity services that enable them to adhere to the GDPR's privacy rights and data protection principles.
Who is required to comply with the GDPR?
Organizations that collect personal data of EU residents
Organizations that store personal data of EU residents
Organizations that transmit personal data of EU residents
Organizations that analyze personal data of EU residents
What is personal data?
Any information, or collection of pieces of information, that can be used to identify a person. Examples include:
Name
Gender
Physical Address
IP Address
Eye Color
Location Data
Email Address
Political Affiliation
Ethnicity
The GDPR Principles and Rights
Principles
1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality (security)
7. Accountability
Rights
1. Right to Information
2. Right of Access
3. Right to Rectify
4. Right to Erasure
5. Right to Restriction of Processing
6. Right to Data Portability
7. Right to Object
8. Right to Avoid Automated Decision-Making
Basic U.S. Checklist
Conduct audit for EU personal data
Appoint a data protection officer
Inform customers of the purpose of processing
Designate a representative in the EU
Data protection impact assessment, remediation and improvement
Maintain an incident response plan (including breach notification)
Make sure data processing agreements exist with vendors
Comply with cross-border transfer laws
Not all requirements are listed here, and not all of them apply to every business. Our GDPR assessment will determine the requirements that apply based on your business.
How we can help
Whether your organization is just starting up or needs a gap assessment, we can help. BitSpartan helps organizations achieve GDPR compliance through advisory and information security services. With our GDPR readiness and gap assessments, we take a snapshot of your current security profile, evaluate it against GDPR requirements, make recommendations, and assist in developing a roadmap that ensures a continuous compliance cycle.
GDPR Services
Identify in-scope systems and processes (i.e., personal data mapping and inventory)
Cyber Risk Assessments, Penetration Testing
GDPR Readiness and Gap Assessments
Our suite of services to maintain compliance
Gap Remediation
Our suite of services to achieve compliance
Ready for help?
We know what you're looking for and we know how to get you there. That's because, from a business perspective, we understand where you need to be. The majority of BitSpartan consultants transitioned from technical IT roles to management, where they provided governance, risk, and compliance expertise to top organizations in the private and public sectors. In the field, all consultants are either CISA, CGEIT, or CRISC certified, or are trained and supervised by these certified professionals. Our strong technical and IT governance background, blended with assurance expertise, makes our team of consultants one of the best in the industry.