// Compliance
Effective management of data security and compliance
Cyber security threats, new and ever-more stringent regulations: the approach to security and compliance is an increasingly central and critical topic, which requires a genuine security-by-design strategy in order to safeguard a company’s business model.
Today, it is fundamental to adopt guidelines allowing the security systems which the company has invested in to be managed correctly, outlining the procedures and tools to adopt in order to comply with applicable data protection regulations.
In order to meet this requirement, Var Group’s Digital Security division supports companies throughout all phases of this management, offering a complete service tailored to the specific requirements of each client in order to identify the major risk areas linked to data security, define the measures to adopt in order to meet regulatory requirements, and ensure continuous improvement.
Personal Data Protection
The General Data Protection Regulation (GDPR) makes European companies responsible for the personal and sensitive data of their users, with the obligation to make every possible effort to protect them. The regulation requires, for example, that any personal data breach be notified to the data protection authorities within 72 hours. Penalties for companies breaching the provisions of the GDPR are very strict, and can be as much as 4% of global turnover or 20 million Euros.
In terms of protection of personal data, the GDPR has introduced a series of principles and requirements which can be met with a range of technical solutions. A correct analysis of the corporate processes and of the processing performed, starting with a mapping of those processes and of the personal data processed, establishes the requirements used to identify and manage the security systems in use and to evaluate the adoption of technologies providing cyber resilience.
Defining and applying controls that ensure correct management of the information security management system (ISMS) allows the company to demonstrate compliance during inspections, which may also be triggered by security incidents such as ransomware attacks, data theft, unauthorised access or data breaches in general.
Services
We offer a tailor-made approach to your company’s compliance challenges, including methodologies and tools to manage the risks relating to data security, internal controls, and the management of legal and regulatory compliance.
// GDPR Consultancy
A complete and multidisciplinary consultancy service which includes analysis, implementation and drafting of all documents and procedures required to ensure your company’s compliance with the requirements of the GDPR.
// Gap Analysis – Privacy Assessment
To highlight any gaps in the privacy management system implemented in your company and define the intervention priorities for compliance with Regulation (EU) 2016/679 (GDPR).
// Remediation
For operational support in all phases of closing your company’s compliance gaps and in the actions required to fully comply with privacy legislation: redesign of processes, formalisation of policies, compilation of the records of processing activities, Data Protection Impact Assessments, and raising awareness of privacy within your company.
// Risk Assessment
To identify the potential risks the company is exposed to, assess their impact and establish action plans on the basis of their likelihood of occurrence. Our experts will help you identify, measure, control and manage these risks.
// Privacy Audits (system administrator, health file …)
We check the correct implementation of privacy regulations in your company and by your suppliers, with the goal of reducing the risk of punishable conduct, by carrying out a compliance assessment of the company’s processing of personal data, from the documentation produced to the data flows, covering both electronic and IT systems and hardcopy documentation.
// Data Protection Officer (DPO) Service
We offer our certified expertise and many years of experience, both from a legal and IT perspective, to support companies requiring a Data Protection Officer.
// Regulatory Maintenance/Updates
For continuous monitoring and updating of company procedures and documentation, with a view to reducing the risk of punishable conduct. The frequent legal and regulatory updates are studied and applied to your company’s unique situation to ensure it always remains compliant.
// Annual Audits
The annual compliance auditing service includes all mandatory legal requirements, for example maintaining the data processing register, creation of compliance reports in real time, updating of training plans, checking the work of the system administrators, periodic access checks on complex systems (for example for the data contained in electronic medical records and files), as well as providing a reminder of subsequent compliance deadlines.
// Remote GDPR / DPO Support
We offer GDPR consultancy for all queries via a ticket-based support system or via web conferencing sessions.
// E-Learning
Find out more about our e-Learning course modules, designed to meet regulatory employee training requirements and, more importantly, to ensure an appropriate level of data protection knowledge for those in the company who process personal data on a continuous basis.