From 25 May 2018, your organization must be compliant with the GDPR (General Data Protection Regulation), the European regulation on the protection of personal data. This mainly concerns processes at the business level, such as the way you deal with data from employees, job applicants, prospects and customers, or the procedures for sales and marketing. Inevitably, this will also require changes at the IT level. So there is a lot to do.
In the longer term: a business audit and a change process
To ensure that you are fully ready for the GDPR in the end, it is best to have an audit carried out by a business consultant. Cheops can help you find a partner. Such an audit is generally in-depth and complex, so it can easily take several months before you receive the results: a report with recommendations. For implementing these recommendations, you can always rely on Cheops. However, we advise you not to wait for the audit report before taking practical steps, because you can get started on the IT side much faster.
In the short term: Quick Wins in IT
One of the requirements of the GDPR is that you, as an organization, make every effort to ensure that access to personal data is properly secured. This is not yet the case in many organizations. After an initial interview and a security audit, Cheops can draw up and implement an action plan to get your company's IT security in order. This is the 'basic hygiene' that is the same for every organization, such as password management, antivirus, backup and firewalls. It differs from the more advanced technological measures that emerge from the business audit, which are specific to each organization. For instance, a SIEM solution (security information and event management) may be recommended, but it is certainly not necessary for every organization.