The General Data Protection Regulation (GDPR) strengthens the right of individuals in the European Union (EU) to control their personal data and requires organisations to bolster their privacy and data protection measures. It applies to organisations within and outside the EU that offer goods and services to the EU.
The GDPR and South Africa’s data protection law, the Protection of Personal Information Act (POPIA), enacted in 2013, are very similar.
Cloud Essentials has nearly two decades of experience in Information Management and Migration Solutions for large and medium enterprises.
Our approach to GDPR & POPIA projects is modelled around this experience, and we treat these projects with many of the same compliance and governance techniques and processes that we’ve used and developed over the years.
Enabling GDPR compliance pre- and post-migration to the cloud...
Recognising that many of the enterprises we work with are either planning a move to the cloud, or are in the early stages of being ‘in the cloud’, we take a two-pronged approach to delivering an effective, end-to-end GDPR solution.
Our focus is on delivering benefits across the board – not just ticking GDPR boxes.
For example, performing a data inventory and carrying out a clean-up of your data in advance of migration can massively speed up your transition and reduce ongoing storage consumption in the cloud.
An approach that empowers.
Our approach to a GDPR engagement involves the following high-level phases:
We help you understand your data, infrastructure, business processes & existing data governance framework. The focus is on performing a detailed inventory of personally identifiable information (PII) & other sensitive data & determining what’s required to ensure its accuracy & enable it to be erased, managed or rectified.
We will work closely with your legal & compliance departments and DPO to develop a new (or refine your existing) data governance framework. This may include defining a data classification framework, creating labels for sensitivity and retention management, roles and responsibilities for access, management and use of PII & ensuring data handling practices comply with the GDPR.
The objective of this phase is to protect PII from accidental or intentional loss, unauthorised access or disclosure, thereby ensuring its security, integrity & confidentiality. This involves implementing policies, risk mitigation tools & processes that enable you to respond effectively to a security compromise or data breach.
We will help you fulfil your GDPR reporting requirements, which demand new standards of transparency, accountability & record keeping.
This includes ensuring that the processing of PII is limited to specified, explicit & legitimate purposes.