After nearly two years of having the GDPR in place, it is still unclear what requirements many of the provisions impose. At the same time, the number of complaints to the authorities is increasing: filing a complaint is far easier, and how to file is far more widely publicised, than was previously the case. This leaves companies vulnerable and uncertain as to how they should prepare themselves for any such filing against them.
The Challenge
Because the very nature of the GDPR creates the scenario of a company’s guilt until it proves otherwise, the onus is on every company to have the means to provide auditable proof of compliance.
The maximum fines that a Regulator may impose under the GDPR are punitive, but the level imposed will vary according to how the Regulator perceives the company to have been managing its data up to and including the receipt of a complaint.
So how does a company meet the demands of the regulation such that it can provide evidence that it not only complies with the GDPR, but also is active in creating understanding within its operations of what is or is not permitted?
The Solution
What the Regulator is seeking from any company operating under the strictures of the GDPR is a proactive approach to understanding, managing and controlling risks to personal data. Historically, risk management has encompassed autopsy risk management, where an incident is investigated, the causes understood and remedies put in place.
However, with severe penalties likely for a data breach and a lack of a proactive form of risk management, companies need to demonstrate not only that they have assessed and controlled data risks, but also that doing so is an active and ongoing process. Delivery of evidence that audits and controls have been undertaken will not free a company from prosecution. What is needed is auditable proof that operations are constantly monitored for risk assessment and that changes are made to reduce exposure.
Data Risk Foresight uses proprietary technology that constantly monitors business processes and electronic threats and extrapolates into future periods, providing you with the ability to forecast future actions that will be required to mitigate risks. Every change is logged, and a warning of variance flags urgent actions required. Using our system logs provides you with the irrefutable evidence required to demonstrate not only your intent to comply, but also how data risks are managed in real time.
CyCalc gives you the means to manage your company’s regulatory risks and reduce the threats posed by the filing of complaints.