If you are a controller or processor of personal data from the European Union (EU) – even if you are located outside the EU (Canada, United States, the Caribbean, Australia etc.) – you need to meet the compliance requirements of the General Data Protection Regulation (GDPR).
Do you need to assess your level of compliance with the GDPR or get actionable recommendations to help to become compliant?
By performing a gap analysis and risk assessment, you can identify the current privacy posture of your organization, understand where your business needs to focus, and see what your risks are in case of non-compliance. Our data privacy experts can point you towards the measures that should be implemented to comply with the GDPR.
Every organization is different. Do you know what YOUR needs are?
We are proud to have been recognized as a major player and key innovator in the data privacy field by the research firm MarketsandMarkets. Our unique approach to helping organizations achieve GDPR compliance was highlighted in their 2018 study “GDPR Services Market by Solution, Service, Organization Size, and Region – Global Forecast to 2023”. The objective of the research was to determine and forecast the global GDPR services market, analyze growth trends and profile key market players such as Hitachi Systems Security.
Vanessa Henri, Director of Legal Affairs and Compliance | LinkedIn
Specialized in privacy laws, cyber security legal frameworks, and legal risk management.
“The critical aspect of GDPR is the liability of each entity for its processors, which will fuel the demand around third-party risk management activities. Entities will be looking at drafting solid contracts and enforcing them by exercising their audit rights, creating a domino effect around the world for security requirements.”
“Conducting a GDPR compliance assessment has helped me better understand our privacy obligations when dealing with data from EU citizens. We don’t have offices in the EU, so I didn’t think we’d have to comply with the GDPR at first. Now I see clearer.”- Chief Risk Officer, Financial Institution
“Thanks to Hitachi Systems Security, we finally have a roadmap that helps us implement a privacy compliance framework across our many different divisions. Dealing with the team was a breeze!” – Director of Risk and Compliance, Retail Organization
Don’t know where to start
The GDPR can be overwhelming, and you need expert guidance to find out whether and how the GDPR applies to your organization
Need Gap Analysis and Recommendations
Identifying where you fail to comply is a good first step towards GDPR compliance, and picking the brains of our data privacy experts helps you go in the right direction
Almost GDPR compliant
You have everything in place to achieve GDPR compliance, but need to review your measures and policies
You already comply with the GDPR but want to ensure continued compliance through a holistic program that spans all your compliance requirements
If your situation falls into one of the scenarios above, we can definitely help you! See our complete offering below.
(If not, don’t worry – we can build customized data privacy programs for your business context and regulatory requirements.)
Our GDPR services at a glance: GDPR Bank of hours, Gap Assessment, Privacy Compliance Program, and Additional GDPR Compliance Services.

Why?

GDPR Bank of hours: Our “GDPR by the hour” service was developed to offer organizations hourly consulting on GDPR compliance by our legal and IT experts. Depending on your business context and needs, we can answer various questions about the GDPR, confirm your understanding of the GDPR and advise on how it may relate to your organization.

Gap Assessment: If you want to go beyond hourly consulting and determine exactly how the GDPR relates to your organization and which gaps you are facing, we have developed a Gap Assessment as a first step towards GDPR compliance. Unlike the “GDPR by the hour” service, a Gap Assessment is a complete project with several pre-defined deliverables.

Privacy Compliance Program: A Privacy Compliance Program is a comprehensive program designed to help your organization define and evaluate all your privacy obligations (such as GDPR, PIPEDA, …) under one holistic approach. It includes a full Gap Assessment, but also identifies your specific risks, provides a detailed remediation plan and proposes expert recommendations to help you improve your privacy posture.

Additional GDPR Compliance Services: We also offer additional, customized GDPR compliance assessments and services, depending on your business context and needs. See all services here.

What?

GDPR Bank of hours:
• Answering specific questions about the GDPR
• Reviewing existing organizational measures for alignment with the GDPR. This can include policies, standard operating procedures, guidelines, templates and registries throughout your business units.
• Conducting legal reviews of your data processing agreements
• Reviewing your record of processing
• Reviewing your residual third-party risks from a privacy standpoint
• Reviewing the lawfulness of your cross-border data transfers
• Developing training sessions for executives, management and employees
• Presenting GDPR-related information at conferences, seminars, etc.

Gap Assessment:
Note: To be completed effectively, the auditor will need access to a documented record of processing. Hitachi Systems Security can help you meet this Article 30 GDPR requirement through a bank of hours.
1. Legal Assessment: This phase qualifies which data flows are subject to the GDPR and what the requirements are for each data flow.
2. Gap Assessment: Understand the gap between your obligations and your actual privacy and security postures, taking the accountability requirements into consideration.

Privacy Compliance Program:
1. Record of Processing: Completion or review of your record of processing.
2. Privacy Obligations Mapping: Map all your privacy obligations from different legislations against one framework, so that you can manage your privacy compliance posture more effectively.
3. Statement of Applicability: A Privacy Compliance Program can include all your privacy obligations, whether regulatory or contractual. It can extend beyond the GDPR to include FACTA, HIPAA, PIPEDA, etc.
4. Creation of Gap Assessment Framework: Obtain a personalized gap assessment framework based on the obligations identified in the Statement of Applicability. Each company receives a unique gap assessment framework built from the list of measures found across all the legal obligations in scope of the Statement of Applicability.
5. Gap Assessment: Understand the gap between your obligations and your actual privacy and security postures, taking the accountability requirements into consideration.
6. Risk Assessment: Each measure is classified as high, medium or minimal risk using a risk analysis grid that takes into consideration the potential legal, financial, operational and reputational consequences of non-compliance.
7. Remediation Plan (which measures to address): Obtain a remediation plan that takes into account your financial, human and technical resources, as well as your industry. The remediation plan combines the gap and risk assessments into a roadmap towards compliance. This planner will become your privacy management tool, and will allow you to monitor and improve your privacy posture effectively and sustainably.
8. Experts’ Recommendations (how measures should be addressed): Receive recommendations on the technologies and resources that should be considered to close the gaps identified in the Privacy Compliance Program. There are different ways to address the compliance gaps that have been identified, and Hitachi Systems Security can suggest how they should be addressed based on your business context.

Additional GDPR Compliance Services:
• Data protection impact assessments
• Record of processing
• Data breach notification procedures
• Business continuity plans (“BCP”)
• Disaster recovery plans (“DRP”)
• Security audits and testing, to be defined depending on your needs. Available services: vulnerability assessments, risk assessments, penetration testing, social engineering, web application assessments, cybersecurity posture assessment, control assessment
• Legal audits
• Privacy by design methodology
• Organizational measures (Article 32 GDPR requirement)
• Privacy training development

How much?

GDPR Bank of hours: The hourly rates for this service range between $175 and $250/hour, depending on the level of guidance needed (training, consulting, document review) as well as on the seniority and expertise of our resources. Note: Projects require a minimum of 25 hours.

Gap Assessment: The price for a Gap Assessment is set on a time and materials basis and depends on your business context as well as the scope of the project.

Privacy Compliance Program: The pricing for a Privacy Compliance Program will depend on your business context, the scope of the project and the complexity of the data flows that are in scope.

Additional GDPR Compliance Services: Pricing can be fixed or based on a bank of hours, and will depend on your needs.
Some consulting firms suggest doing a data inventory, a corporate structure review or data protection impact assessments before any other type of assessment. Unfortunately, not all organizations have the resources to start their privacy management by following these steps.
Our approach is different. We understand that GDPR programs differ depending on the context you are in, your industry, and your available resources. We provide personalized recommendations tailored to your specific legal and regulatory context. Instead of proposing a “one-size-fits-all” approach, we will review your situation to establish your privacy obligations and develop a GDPR compliance program that will be tailored to your business needs.
Headquartered in the Greater Montreal Metropolitan Area in Canada, Hitachi Systems Security strives to bring clarity to the jungle of today’s IT security solutions and compliance requirements. Thanks to our exclusive focus on information security and IT risk management, we have become a global IT Security Service Provider with clients in over 50 countries across the globe, who count on us to provide the right solutions for their businesses – quickly, effectively and with expertise beyond industry standards!
Identification of Data Flows and Cross-Border Data Transfers Requirements
Benchmark Your Privacy Posture
Identify Where Your Privacy Risk Exposure is Critical
Obtain a Roadmap and Strategic Recommendations for GDPR Compliance
360° Privacy Compliance Expertise and a Control-Based Approach to Data Security