SUPPORT FOR COMPLIANCE WITH THE GDPR
Creasys supports public and private customers in achieving compliance with the GDPR (General Data Protection Regulation). The support provided includes:
- use of the proprietary EPICK™ platform – GDPR Compliance Form
- a set of specialist consultancy services
This support assists the customer organization:
- in the assessment phases of GDPR compliance;
- in the subsequent remediation management activities, operating on company processes and organization, ICT assets and processes.
To achieve these objectives, the GDPR compliance approach uses a methodology that is divided into 6 phases as follows:
- A GDPR General Assessment, carried out rapidly and at a high level in the initial stage, covering the main areas of interest in the GDPR field;
- 5 phases of detailed analysis on specific dimensions of interest for GDPR: Data Analysis, IT Governance, Applications, Technology and Organization.
A. Expert advice, focused in particular on:
- Analysis of the organization’s strategy, processes and resources, and of its compliance with the GDPR’s mandatory requirements and the related voluntary requirements.
- Analysis of customer applications to verify how they process sensitive data.
- Support for the choice of IT security solutions required to manage sensitive data.
The consultancy is provided by a team of experts in governance and risk management in the client’s sector, GDPR compliance, legal affairs and training.
B. GDPR Compliance Module of the Governance, Risk and Compliance EPICK™ platform developed by Creasys. The main functions of the module are:
- Compliance Assessment: to identify the GDPR level of compliance of the client organization and monitor the compliance process over time.
- Register of Treatments: to track and monitor data processing activities (treatments) and their key information in accordance with the new Data Protection Regulation.
- Software Evaluation: to automatically analyze the level of adequacy of software applications from a data protection by design perspective.
- Remediation Plan: to define and implement the remediation measures that optimize the overall cost/benefit ratio.
- Reporting: automatic generation of reports for the various stakeholders of the compliance process.
- Realistic and complete assessment of business risks: risks are estimated in economic and financial terms, considering the sanctions envisaged by the GDPR (actual risk assessed in relation to the state of application of the regulation) and the effects on business continuity and reputation.
- Optimization of the cost/benefit ratio of remediation plans: identification of remediation measures (benefits, costs and time); definition of Remediation Plans through Portfolio Management.
- Optimization of investments in compliance: enhancement of the analysis and remediation work carried out and its integration into the proposed model.