GDPR Gap Analysis
To meet the requirements of the GDPR when it was introduced back in 2018, many organisations turned to the world-wide web for general guidance and generic templates. Four years on, a large number of organisations are still using these generic templates, such as Privacy Notices on websites.
Privacy Notices are the window into the organisation’s data protection process, but so often when an audit is conducted, it is found that they do not reflect how data is actually gathered, processed, stored, or shared, and this mismatch is often mirrored in a disjointed implementation of the organisation’s data protection policies.
It is worth bearing in mind that if an organisation were to suffer a breach, or even a complaint, that triggered an ICO audit, could your documents and your staff’s implementation of them demonstrate compliance with the DPA/GDPR?
An independent audit will compare the organisation’s current practice with the data protection regulations (the DPA 2018 and GDPR) and associated regulations such as PECR, and will identify any gaps in the organisation’s compliance with them.
Forti5’s trained staff will complete the independent audit, which produces a roadmap to guide your organisation on its data protection compliance journey.
GDPR and Cyber Assurance are risk-based approaches. However, no two organisations have the same risk appetite, hence every risk assessment is unique to the organisation.
We will work with you to help develop and review your risk assessment. For GDPR, we will help develop process flows of personal data and assess the risk of non-compliance; for cyber security, we assess the risk arising from the complexity of the infrastructure, the types of assets and the security controls in place.
The risk assessment will enable you to make appropriate decisions on where to spend limited resources, on solutions you can realistically implement to protect you against the identified risks and in line with your risk appetite.
Training and Awareness
All organisations must ensure that their staff have the necessary knowledge and skills to undertake the roles and tasks they have been given. One of the ways to demonstrate this is to implement staff training. The training sessions are delivered by qualified trainers who are also experts in the field.
Forti5 provides GDPR staff training and awareness sessions aimed at either all staff members, managers or directors, and these can be arranged at times to suit business operations.
These training sessions will provide staff with knowledge and understanding of the fundamental principles, their application and the relevant laws, through friendly, structured and informative sessions with Q&A and case studies designed to familiarise all your staff with the critical practices of GDPR compliance.
To discuss and arrange a training session, please use the contact details below.
Monthly support and annual renewal, including regular check-ins to keep you up to date.
Firewall installation and set-up (closing ports, configuring rules, etc., plus two-factor authentication) plus monthly monitoring.
Vulnerability testing of websites/apps.
Penetration testing of networks.
Security awareness training.
Audits and gap analysis.
GDPR awareness training.
Security training for managers and technical staff.
Help writing policies and procedures.
Help writing process flows; this requires a visit to understand the organisation’s data flow.
Help completing the Risk Register; this requires a visit to understand the organisation’s processes and vulnerabilities.
Help completing the DPIA; this requires a visit to understand the organisation’s processes and vulnerabilities.