
GDPR Compliance

GDPR Compliance Services

If you are a controller or processor of data from the European Union (EU) – even if you are located outside the EU (Canada, United States, the Caribbean, Australia etc.) – you need to meet General Data Protection Regulation (GDPR) compliance requirements.

 

Gap Analysis, Risk Assessment, and Recommendations

Do you need to assess your level of compliance with the GDPR or get actionable recommendations to help you become compliant?

By performing a gap analysis and risk assessment, you can identify the current privacy posture of your organization and understand where your business needs to focus and what your risks are in case of non-compliance. Our data privacy experts can point you towards the measures that should be implemented to comply with GDPR regulations.

Every organization is different. Do you know what YOUR needs are?

Need to be GDPR Compliant? Ask for help:


Hitachi Systems Security recognized as key innovator in GDPR compliance and data privacy

We are proud to have been recognized as a major player and key innovator in the data privacy field by the research institution MarketsandMarkets. Our unique approach to helping organizations achieve GDPR compliance was highlighted in their 2018 study “GDPR Services Market by Solution, Service, Organization Size, and Region – Global Forecast to 2023”. The objective of the research was to determine and forecast the global GDPR services market, analyze growth trends and profile key market players such as Hitachi Systems Security.

Where Are You At?

Don’t know where to start

GDPR can be overwhelming and you need expert guidance to find out if and how the GDPR applies to your organization

Need Gap Analysis and Recommendations

Testing where you fail to comply is a good first step to GDPR compliance, and picking the brain of our data privacy experts helps you go in the right direction

Almost GDPR compliant

You have everything in place to achieve GDPR compliance, but need to review your measures and policies

Beyond Compliance

You already comply with GDPR but want to ensure continued compliance with a holistic program that spans across all your compliance requirements

GDPR for Canadian Companies

You’re already doing business with the EU, are PIPEDA compliant and now need to align with the GDPR to continue your business in the EU

If your situation falls into one of the 5 scenarios above, we can definitely help you! See our complete offering below.

(If not, don’t worry – we can build customized data privacy programs for your business context and regulatory requirements.)

Pick What You Need

GDPR Bank of hours

Why? Our “GDPR by the hour” service was developed to offer organizations hourly consulting about GDPR compliance by our legal and IT experts. Depending on your business context and needs, we can answer various questions about the GDPR, confirm your understanding of the GDPR and consult on how it may relate to your organization.

What?

• Answering specific questions about the GDPR

• Reviewing existing organizational measures for alignment with GDPR. This can include policies, standard operating procedures, guidelines, templates and registries throughout your business units.

• Conducting legal reviews of your data processing agreements

• Reviewing your record of processing

• Reviewing your residual third-party risks from a privacy standpoint

• Reviewing the lawfulness of your cross-border data transfers

• Developing training sessions for executives, management and employees

• Presenting GDPR-related information in conferences, seminars, etc.

How much? The hourly rates for this service range between $175-$250/hour, depending on which level of guidance is needed (training, consulting, document review) as well as on the seniority and expertise of our resources.
Note: Projects require a minimum of 25 hours.

Gap Assessment

Why? If you want to go beyond hourly consulting, determine exactly how the GDPR relates to your organization and which gaps you’re facing, we have developed a Gap Assessment as a first step towards GDPR compliance. Unlike the “GDPR by the hour” service, a Gap Assessment is a complete project with several pre-defined deliverables.

What?

Note: To be completed effectively, the auditor will need access to a documented record of processing. Hitachi Systems Security can help you with this requirement of article 30 GDPR through a bank of hours.

1. Legal Assessment: This phase is necessary to qualify which data flows are subject to GDPR, and what the requirements are for each data flow.

2. Gap Assessment: Understand the gap between your obligations and your actual privacy and security postures, taking into consideration the accountability requirements.

How much? The price for a Gap Assessment is based either on a time/material basis and depends on your business context as well as the scope of the project.

Privacy Compliance Program

Why? A Privacy Compliance Program is a comprehensive program that was designed to help your organization define and evaluate all your privacy obligations (such as GDPR, PIPEDA, …) under one holistic approach. It includes a full Gap Assessment but also identifies your specific risks, provides a detailed remediation plan and proposes expert recommendations to help you improve your privacy posture.

What?

1. Record of Processing: Completion or review of your record of processing.

2. Privacy Obligations Mapping: This Statement of Applicability offers the opportunity to map all your privacy obligations from different legislations against one framework, so as to manage your privacy compliance posture more effectively.

3. Statement of Applicability: A Privacy Compliance Program can include all your privacy obligations, whether regulatory or contractual. It can extend beyond GDPR, such as to include FACTA, HIPAA, PIPEDA, etc.

4. Creation of Gap Assessment Framework: Obtain a personalized gap assessment framework based on the obligations identified in the Statement of Applicability. Each company obtains a unique gap assessment framework based on a list of measures that is found in all the legal obligations in-scope of the Statement of Applicability.

5. Gap Assessment: Understand the gap between your obligations and your actual privacy and security postures, taking into consideration the accountability requirements.

6. Risk Assessment: This involves the identification of the measures defined as high, medium or minimal risk. This identification is done through a risk analysis grid that takes into consideration the potential legal, financial, operational, and reputation consequences of non-compliance.

7. Remediation Plan (which measures to address): Obtain a remediation plan that takes into account your financial, human and technical resources, as well as your industry. The remediation plan will take into consideration the gap and risk assessment to create a roadmap towards compliance. This planner will become your privacy management tool, and will allow you to monitor and improve your privacy posture effectively and sustainably.

8. Experts’ Recommendations (how measures should be addressed): Receive recommendations on the technologies and resources that should be considered to fulfill the gaps identified in the Privacy Compliance Program. There are different ways to address the breaches of compliance that have been identified, and Hitachi Systems Security can suggest how these should be addressed based on your business context.

How much? The pricing for a Privacy Compliance Program will depend on your business context, the scope of the project and the complexity of the data flows that are in scope.

Additional GDPR Compliance Services

Why? We also offer additional, customized GDPR compliance assessments and services, depending on your business context and needs.
See all services here.

What?

• Data protection impact assessments

• Record of processing

• Data breach notification procedures

• Business continuity plans (“BCP”)

• Disaster Recovery Plans (“DRP”)

• Security audits and testing: to be defined depending on needs. Available services: vulnerability assessments, risk assessments, penetration testing, social engineering, web app application assessment, cybersecurity posture assessment, control assessment

• Legal audits

• Privacy by design methodology

• Organizational measures (GDPR requirement listed in article 32)

• Privacy Training development

How much? Pricing can be fixed or based on a bank of hours and will depend on your needs.

Do you now know what fits your needs and are ready to identify your privacy gaps, risk exposure and current privacy posture? Or are you still not sure what to do?

Why Hitachi Systems Security?

Some consulting firms suggest doing a data inventory, a corporate structure review or a data protection impact assessment prior to any other type of assessment. Unfortunately, not all organizations have the resources to start their privacy management by following these steps.

Our approach is different. We understand that GDPR programs differ depending on the context you are in, your industry, and your available resources. We provide personalized recommendations tailored to your specific legal and regulatory context. Instead of proposing a “one-size-fits-all” approach, we will review your situation to establish your privacy obligations and develop a GDPR compliance program that will be tailored to your business needs.

Vanessa Henri

Director of Legal Affairs and Compliance

Our GDPR Expert

Specialized in privacy laws, cyber security legal frameworks, and legal risk management.

The critical aspect of GDPR is the liability of each entity for its processors, which will fuel the demand around third-party risk management activities. Entities will be looking at drafting solid contracts and enforcing them by exercising their audit rights, creating a domino effect around the world for security requirements.

Who We Are

Headquartered in the Greater Montreal Metropolitan Area in Canada, Hitachi Systems Security strives to bring clarity to the jungle of today’s IT security solutions and compliance requirements. Thanks to our exclusive focus on information security and IT risk management, we have become a global IT Security Service Provider with clients in over 50 countries across the globe, who count on us to provide the right solutions for their businesses – quickly, effectively and with expertise beyond industry standards!

Beyond GDPR: Implementing a Comprehensive Privacy Compliance Program

Long-term Success Towards an Ongoing Compliance

Benefits

  • Identification of Data Flows and Cross-Border Data Transfers Requirements

  • Benchmark Your Privacy Posture

  • Identify Where Your Privacy Risk Exposure is Critical

  • Obtain a Roadmap and Strategic Recommendations for GDPR Compliance

  • 360° Privacy Compliance Expertise and a Control-Based Approach to Data Security

For more information on GDPR, read our blog articles:
