Compliance (GDPR, NIS2, ZoKB, audits)
We can help you with GDPR or NIS2. We offer a wide range of products and services to help you meet the main part of the requirements of the EU legislative standard. In many cases, such outsourcing is even more cost-effective.
General Data Protection Regulation
This is a significant tightening of regulation in the area of personal data processing. The new conditions within the organisation require not only the modification of existing processes related to processing, but also imply the mandatory implementation of a number of additional measures.
This European standard requires a very comprehensive approach to the whole issue of information protection, even though it only focuses on personal data. In the context of the automated processing of personal data, new obligations arise, leading to greater transparency, but above all security.
This can be achieved by adopting appropriate specific measures not only in the area of IT security, but also physical, administrative, organisational and procedural security. It is necessary to link all these areas comprehensively, so that the whole personal data protection operates as a unified system.
Adequate protection of personal data cannot be ensured without continuity between the governing documents, which are based on defined processes and procedures and are not supported by an appropriate organisational structure and properly applied technologies.
- We are an established security company; we have been successfully operating on the market for over 30 years
- We listen to our clients and adapt our services to their needs and time availability
- We implement complex security audits by combining several security disciplines
Not all measures need to be handled by your own in-house resources. Specialized experts can help you with many of them. In numerous cases, such outsourcing is even more cost-effective and time saving. The complexity of GDPR requires a comprehensive approach to data protection management.
GDPR compliance analysis
The basis for the correct implementation of GDPR requirements is a detailed comparison of the current state of data protection with the requirements defined by the regulation. This is the only way to ensure effective implementation of all GDPR requirements. We will prepare a detailed analysis and recommend the appropriate procedure and scope of implementation.
Design and implementation of processes and methodologies
GDPR is based on the principles of "privacy by design" and "risk-based approach". This not only requires the implementation of new security processes and methodologies within your organisation, but will often have an impact, for example, within the architecture of information systems and applications. This includes in particular procedures relating to security incident reporting, information obligations or the right to erasure. We will design and implement processes and methodologies customized for your organization's environment.
Preparation of management documents
An essential part of data protection is appropriate governing documentation (policies, guidelines, etc.) that your organization uses to demonstrate, among other things, compliance with the GDPR requirements. We will draft or modify governing documents to the necessary extent to comply with GDPR requirements, taking into account your existing internal policies and processes.
Implementation of technical measures
A fundamental requirement of the GDPR is to ensure the protection of personal data, guaranteeing its confidentiality, availability and integrity. To do this, it is necessary to implement sufficient technical measures to secure them or to identify security breaches (Data Loss Prevention, Network Behaviour Analysis, SandBox, cryptographic tools, etc.). We will design and implement appropriate technical solutions according to your individual needs.
Data Protection Impact Assessment
Data Protection Impact Assessment is one of the basic tools to ensure high security of personal data in any handling of personal data, such as profiling, processing of sensitive data or implementation of monitoring of publicly accessible areas, etc. We will assess your organization's obligation to implement DPIA and, if this obligation arises, we will suggest an appropriate way to implement DPIA into your existing (e.g., project) methodologies. We will also arrange the actual processing of the specific DPIA analysis, including any consultation with the Data Protection Authority.
Data Protection Officer - DPO
One of the new requirements of the GDPR is the appointment of a Data Protection Officer for obliged entities. This role requires a person with sufficient experience and expertise in the field of data protection and it is therefore recognized that there is a shortage of such persons in the market. This role can additionally be outsourced. This form of service will ensure that all DPO's duties are carried out using our experienced and vetted consultants.
Implementation of GRC solutions
The GDPR brings many sub-obligations, especially for large organisations processing huge volumes of personal data. In such cases, GRC (Governance, Risk and Compliance) solutions can be an essential element to enable effective data protection management and GDPR compliance, including compliance monitoring. We will ensure the optimal design and implementation of a suitable GRC solution not only for required the needs of the GDPR. For this purpose, we have a team of experienced consultants.
The new Cybersecurity Act should enter into force in October 2024. The Act will provide a one-year transition period for adaptation to the new requirements and their gradual implementation. Compliance with selected obligations will be required from the second half of 2024, while compliance with the remaining obligations will not be required until the second half of 2025. Despite the one-year transition period, now is a good time to start the preparatory steps leading to a functional cybersecurity governance process, which we will be happy to help you put in place.
For NIS2, we can help you with the following areas in particular:
We will analyze the current state of your organization with respect to cybersecurity. In particular, we will include an assessment of your information security management system, security documentation, asset management, risk management, vendor management, human resource management, change management and access control. As part of the analysis, we also assess cybersecurity event and incident management and business continuity management.
We offer risk analysis to identify and assess potential threats and vulnerabilities associated with your organization's assets. You will gain a clear understanding of the risks that could compromise your security.
Preparation or review of security documentation
We will draft or revise documents with respect to your existing internal policies. Specifically, we can help you create an incident management plan, recovery plan, impact analysis, security user guide, etc.
To increase the security awareness of your employees (from regular users, security administrators to senior management), we offer training tailored to the needs of your organization. In addition to face-to-face training, training can also be delivered via e-learning using entertaining video courses, culminating in a knowledge test.
We test your systems' ability to withstand cyber attacks. In the report, we will describe the weak points and suggest appropriate remedial measures to prevent real attacks.
Strengthening IT infrastructure security
We can help you identify weaknesses in the technical security of your internal network, implement security technologies such as firewalls or EDR solutions that can identify, monitor and respond to suspicious activity on endpoint devices.
The hardening policy has achieved the audit objectives and increased the security
Audits and sophisticated penetration tests for vulnerability identification for Škoda Auto
At T-Mobile, we performed security tests and audits
At Deutsche Telekom (T-Systems), we cover the areas of cyber security.
Implementation of security audits and penetration tests for ČEZ
At L'Oréal, we took care of business continuity management.
Ensuring analysis and support of the supervisory center at Centropol Energy
You May Also Like
- Robust multi-level user and data protection of Military Hospital Olomouc
- BUDVAR systematically increases its cyber security
- Kofola has cybersecurity under control
- Data of CENTROPOL ENERGY customers and employees is safe thanks to the DLP system
- The first four companies adopt the new name Aricoma
- Complete management of the corporate IT of MORAVIA PROPAG
- Modern and secure IT infrastructure with operational services for Arkance Systems CZ
- We have joined the EDIH NORTHEAST BOHEMIA consortium’s digitalization project
- Faster and safer login to computers and applications at the Jihlava Hospital
- Companies in KKCG's technology pillar are changing. Qinshift to be spun off from Aricoma
- Security and remote management of thousands of commissioners' mobile devices for Census 2021
- AC Identity - Identity Management for the city of České Budějovice
DO NOT HESITATE TO
Are you interested in more information or an offer for your specific situation?