GDPR and Cyber Security

EU General Data Protection Regulation (GDPR)

The new General Data Protection Regulation (GDPR) enhances the rights of individuals over how their personal data is collected, processed, corrected and erased. In a recent survey carried out at the National Information Security Conference (NISC) 43% of the CISOs who responded believed that GDPR would be difficult to achieve due to lack of resources.

Sapphire provides a range of consultative services and technical controls to assist you to achieve compliance to the GDPR in the deadlines provided. From a Gap Analysis, to data and asset discovery, through to data classification and DPO as a service, GDPR is not a one-off project that will come to an end in May 2018 but an evolutionary process that will continue for many years to come. For further information around how we can help you to achieve GDPR compliance, please contact info@sapphire.net.

GDPR Consultancy

Sapphire provides a range of consultative services to help you to achieve compliance to the GDPR in deadlines provided.

Gap Analysis:
Sapphire will carry out a full Gap Analysis against the GDPR requirements and offer the client a compliance matrix, which will be the basis for developing a GDPR Improvement Plan.

Improvement Plan & Governance:
Sapphire will develop a GDPR Improvement Plan to allow the company meet their GDPR requirements. On completion of the plan, Sapphire will facilitate Governance meetings with Key stakeholders to monitor the progress of the company towards GDPR compliance.

Documentation:
Sapphire can assist in the creation of the required documentation for GDPR compliance. (E.g. Data Protection Policy, Training Policy, Fair Processing Procedure, Subject Access Request Procedure, Privacy Impact Assessment Procedure plus 20 more documents)

GDPR Assurance Services:
The DPO is similar but not the same as a Compliance Officer as companies are expected to be proficient at managing IT processes, data security (including dealing with cyber-attacks) and other critical business continuity issues around the holding and processing of personal and sensitive data. The skill set required stretches beyond understanding legal compliance with data protection laws and regulations.  Monitoring of DPOs will be the responsibility of the Regulator rather than the Board of Directors of the organisation that employs the DPO.

Asset Discovery & Data Discovery

Asset Discovery:
Before your business starts to identify and locate its sensitive data, an asset discovery exercise can locate all devices and create an inventory. Visibility is key and having technology in place which enables efficient identification of data and where it resides, helping to determine risk is an important element of a successful data discovery exercise.

Data Discovery:
Sapphire provides visibility into how your business-critical data is processed. We enable you to monitor, manage and control data and utilise behavioural analytics and machine learning to discover broken business processes and identify employees that elevate risk to critical data: Identify data stored across your infrastructure, protect by managing and controlling data flows, respond and recover from incidents quickly.

Data Classification

Classifying data enhances your employee’s awareness of the value and sensitivity of the information they are handling. Metadata labels facilitate more effective application of data security, data management and retention policies. We can ensure your classifications are synonymous with your security policies and that sensitive data is easily searched for, identified and retrieved where necessary.

Data Leakage Prevention

Sapphire can help you to determine how your critical data is being processed across your infrastructure, whether on-premise, in the cloud or being accessed remotely. We can enable you to monitor, manage and control data and by utilising behavioural analytics and machine learning,  reduce the risk of a data breach or data leak within your organisation.

Let’s talk

When it comes to advising your business on GDPR compliance, our consultants have extensive knowledge within information security and data protection. Sapphire is able to benchmark your organisations level of compliance, providing you with the assurance that you are handling personal data safely. Sapphire has trained and qualified personal specialising in the Data Protection Act, ePrivacy Directive and NISD.

How can we help?