OUR 3 GDPR SOLUTIONS

Basic Solution
It covers all the mandatory requirements of the Regulation
READY

Up to 50

FREE

Advanced Solutions
For organizations processing high sensitivity data
ADVANCED

Up to 150

FREE

Customized Solution
For organizations demanding a customized solution
ALL-IN

Up to 150

FREE

What is GDPR?

The General Data Protection Regulation (GDPR) is a new digital privacy regulation being introduced on the 25th May, 2018. It standardizes a wide range of different privacy legislation across the EU into one central set of regulations that will protect users in all member states.

Put simply, this means companies are now required to build privacy settings into their digital products and websites – and have them switched on by default. Companies also need to regularly conduct privacy impact assessments, strengthen the way they seek permission to use the data, document the ways they use personal data and improve the way they communicate data breaches.

And, because it’s a regulation and not a directive, it is legally binding – meaning it cannot be opted out of, or ignored.

The EU’s new approach to online privacy puts individuals first, believing they should be protected and empowered, rather than exploited or ignored.

This new approach to data protection is the EU’s way of keeping companies big and small more accountable for their actions. EU regulators believe that companies have been exploiting personal data for their own gain and aren’t being transparent about how they are using it.

Why introduce GDPR now?

The main reason for introducing it is that the current EU data privacy regulations are still based on a document that was first adopted in 1980 (later updated in 1995). This means that the data privacy principles that the EU works on are outdated and don’t include considerations for social media, smartphones, or even advanced web technology (e.g. Artificial Intelligence, Virtual Reality, etc.). In addition, the current regulation is only a directive, so companies (and countries) could easily opt out.

While consistency in data privacy regulations across Europe should be good news for all marketers, GDPR also comes with quite a few challenges that affect marketing teams – especially marketing teams that communicate to customers based in the EU.

How to comply?

This new approach to data protection is the EU’s way of keeping companies big and small more accountable for their actions. EU regulators believe that companies have been exploiting personal data for their own gain and are not being transparent about how they are using it.

What are the steps?

  1. Understanding how the new compliance obligations sit with existing data protection duties. Learn quickly and easily where the law is changing and what it means for you.
  2. Analysis & Planning
    • GAP Analysis
    • Privacy Impact Assessment
    • Risk assessment
    • Consultancy
    • Planning of the necessary technological measures
  3. Implementation
    • Define - Create and / or update internal rules
    • Development - verification of changes in the IT environment and data sets, business processes, internal controls, organization of work and accountability
    • Implementation - Testing the created rules and the developments
    • Internal Audit - General Verification of Compliance with GDPR Requirements

What are the key innovations for companies?

  • Disclosure notification - within 72 hours of an established personal data breach, the organization must notify the competent authorities.
  • Entitlement to access - upon request, organizations must provide, in electronic form, information about the personal data they process and store for a person.
  • The right to be forgotten - gives citizens the right to request the deletion of their personal data by certain organizations and to stop their further dissemination.
  • Data portability - gives citizens the right to request that personal data be provided to them in machine-readable form.
  • Privacy by Design - Organizations are required to include data protection measures right from the very beginning of introducing new systems. The personal data collected shall not exceed the data required to perform its duties.
  • Data Protection Officer - Introduces a new role, in organizations whose main activities require large amounts of personal data, in charge of internal data retention rules and compliance.
  • Explicit consent to provide personal data

GAP analysis is actually an on-going audit to determine whether existing technology and organizational measures meet GDPR requirements.
Specific analyses and assessments must be carried out in the field of:

  • Organization and reporting of processing of personal data
  • Degree of centralization of data protection
  • Data protection levels
  • Data coherence levels
  • Notification mechanisms for data compromise
  • Operation in international data transfers
  • Role and responsibilities for data protection
  • Total GDPR compliance level

What else does analysis and planning include?

Following the GAP analysis, our experts consult on the implementation of organizational and technical measures and processes.
Depending on the organization's needs, this stage may include developing and implementing processes and procedures for removing inconsistencies in:

  • Defining the necessary changes in the business processes of data processing
  • Preparing to make changes to the IT data processing environment
  • Determining appropriate control mechanisms for data handling
  • Developing advanced reporting and notification mechanisms

Lirex uses a number of automated tools for Privacy Impact Assessment. The Lirex team has extensive experience in risk assessment and process continuity consultancy, and in deploying and supporting a number of solutions such as Next Generation Firewall, DLP, PKI, Two-factor authentication, Encryption, Application Control, Access Control, File & Data Transfer and many more, both on-premise and Cloud-based.

How can Lirex help in the implementation stage?

The Lirex team can help your organization in the following stages:

  • Define - Create and / or update internal rules
  • Development - verification of changes in the IT environment and data sets, business processes, internal controls, organization of work and accountability
  • Implementation - Testing the created rules and the work done
  • Performing an internal audit - a general verification of compliance with GDPR requirements

 

LIREX provides penetration testing services, which represent the most realistic security and data protection test. Lirex services also include outsourcing of monitoring and reporting, as well as implementation of monitoring systems, SIEM and Vulnerability Management. Lirex can help its clients with training services for DPOs and for teams that are directly involved in the GDPR topic in the organization, as well as practical drills for staff involved in incident and crisis management.

What are the deadlines for the implementation of all stages?

The time for verification and implementation of the process may vary depending on various factors such as the level of processes already in place and the volume of the organization. Since enforcement of the regulation has already taken effect, Lirex advises everyone to start this procedure as quickly as possible, as it may take more than 6-8 months.

 

Should we designate an employee in the company to manage the process?

The GDPR introduces an obligation to designate a Data Protection Officer (DPO). Almost all public authorities and structures will have to designate such an employee. This will also have to be done by those administrators who regularly handle large-scale processing of different categories of personal data. For example, in the corporate sector, this will have to be done by all financial organizations, telecoms and others.

You don’t have a legal department?

Lirex works closely with leading law firms so that we can offer the most complete solution to companies that do not have legal departments and help them cover this part of the GDPR requirements.

Have the companies in Bulgaria started to prepare for the introduction of GDPR?

Over the last few months, there has been a strong upturn in the corporate sector in Bulgaria. Lirex sees a growing interest in penetration testing services, which show the level of protection of the company from external interference by simulating different types of real attacks. Lirex already has a few customers who have turned to it to secure the entire technological process of introducing the GDPR in their companies.

LIREX will support you at every stage.

 
