Information Security compliance
- ISO/IEC 27001 assessment, gap analysis and certification support
- NIST assessment, gap analysis and recommendations
- Infosecurity Risk Analysis and mitigation
- Security policies and procedures
GDPR Privacy and Data Protection Compliance
- Privacy assessment, gap analysis and recommendations
- Privacy compliance management
- Data Protection Officer services
The General Data Protection Regulation (GDPR) has been approved by the European Union and, once it comes into force in May 2018, will introduce significant new rights over how personal data is collected, processed, and transferred by data controllers and processors. It demands significant data protection precautions to be implemented by organizations. The time to get ready is now, as the consequences of getting it wrong are significant.
Being non-compliant with GDPR will be very expensive. In addition to severe reputation consequences, there are regulatory fines of up to €20 million or four percent of the annual worldwide turnover for the organization. So there is a need for continual compliance with the GDPR, since a failed audit can have damaging financial consequences.
Company must appoint a data protection officer (Article 37), who can be an employee for one organization, a representative for a group of organizations, or an external consultant. This is mandatory for public authorities, and for organizations that meet one or both of two tests: core activities “consist of processing operations which … require regular and systematic monitoring of data subjects on a large scale,” or that special categories of data are processed on a large scale.
The data protection officer (DPO) must have “professional qualities,” “expert knowledge of data protection law and practices,” and the ability to perform the tasks detailed in Article 39. Such obligations include informing and advising the controller and processor (and employees) of their obligations under GDPR, monitoring compliance, and being the liaison person with the supervisory authority. The DPO must “directly report to the highest management level” (Article 38), and is to be afforded independence in carrying out his or her tasks.
We prepare you for the new requirements and consult you on its implementation. On behalf of your company, our external Data Protection Officers will:
- compile and maintain an overview of procedures
- conduct advanced monitoring analyses
- regulate the private use of email and Internet at the workplace
- assess contracts with service providers in terms of their compliance with data protection
- support marketing and advertising activities
- provide consulting on the protection of employee data
Our clients include small companies as well as enterprises in various branches and of different structures. Moreover, our consultants have the expertise to generate solutions secured under data protection law for various business areas.
Quality and pragmatic solutions:
MICSAR services employs highly specialised, experienced consultants in the field of data protection who promote pragmatic solutions and instill confidence by drawing on a range of interdisciplinary skills relating to data protection, law and IT.
By using an external data protection officer, you can benefit from their wide-ranging, in-depth experience and transparent costing provides you with a high degree of planning security.
You can release resources within your company and avoid any possible conflict of interests. Furthermore, you are able to strengthen trust among business partners an employees, and protect your competitive advantage.