General Data Protection Regulation (GDPR)

Quick facts about GDPR

• The new EU regulation (GDPR) applies to any organization in any country where personal data of EU citizens is processed, replacing the previous Data Protection Directive.
• Data breaches must be reported to the Supervisory Authority within 72 hours, and without undue delay to the affected person if the breach is likely to result in a high risk to their rights and freedoms.

• GDPR requirements are enforceable from 25 May 2018.
• Increased rights of individuals to check the accuracy of their data and to request that their own data be erased will take your time & effort to complete subject access requests.

• Most organizations need to have a trained Data Protection Officer (DPO)
• Supervisory Authority may audit your Data Protection policy and processes, to check compliance with the GDPR requirements, and issue fines for breaches of regulation.


How BSI Info-Assure can help

Through our Cyber Security & Information Resilience (CSIR) team, BSI Info-Assure provides data protection & privacy advice and support to expedite the client journey to achieving compliance with the GDPR.


We will:

1. Arrange a site visit to review your current data protection status & identify any gaps

2. Agree the Project Plan timing and deliverables, then arrange to kick off the project

We can:

1. Conduct Workshops to improve awareness of EU legislation and Data Protection Framework

2. Conduct Gap Analysis to identify gaps and create a Plan of Action to address risks

3. Provide Data Protection Officer services, or qualify your own resource to CIPM, CIPP/E

4. Design and implement Data Protection framework (policies, procedures, metrics)

5. Provide technical solutions & controls (e.g. penetration testing, vulnerability scanning)

6. Conduct Internal audits and Data Breach investigations

7. Conduct Privacy Impact Assessments, Subject Access Requests, Penetration Tests


What Services can BSI Info-Assure offer?


A. Data Protection support to identify gaps & implement Privacy Programme with policy, processes, systems & measures

B. Data Protection Officer placement with practical knowledge of GDPR legislation and how to apply it

C. Data Protection & Privacy Impact Assessments (DPIAs) to identify where the key risks are and highlight areas to focus on

D. Data Protection internal audits, preparation for external audits by Customers or Authorities, and review of effectiveness of metrics

E. DP Training & Awareness, for staff & including Board level

F. DP Best Practice, support for continual improvement


The Client Journey


BSI has a specialist Cyber Security and Information Resilience (CSIR) team who are trained to help you identify your Data Protection gaps and qualified to support your organization in implementing the changes needed to meet the requirements of the EU General Data Protection Regulation (GDPR) or other local Data Protection or Privacy legislation.


BSI Info-Assure Ltd

Building A8

Cody Technology Park

Ively Road

GU14 0LX

Tel: + 44 (0)1252 912444

[email protected]

© Copyright 2017 BSI Info-Assure Ltd All rights reserved.