Information and cyber security management

Assessment of the adequacy of data protection (GDPR) measures

Service

Data controllers and processors must comply with the requirements of the General Data Protection Regulation (GDPR) and apply appropriate organizational and technical measures for the protection of personal data when carrying out personal data processing operations.

In order to assess the adequacy of the minimum technical and organizational measures for the security of personal data, it is recommended to carry out their assessment in accordance with the guidelines of the State Data Protection Inspectorate (SDPI).

Under Articles 24 and 32 of the GDPR, organizations are required to carry out a risk assessment in all cases.

Organizations must choose data security measures to ensure compliance with GDPR, taking into account the state of the art, the cost of implementation, the nature, scope, context and objectives of the data processing and the risks to the rights and freedoms of natural persons. Therefore, we recommend that organizations additionally undertake an assessment of compliance with the legal acts of the Republic of Lithuania regulating information security and cyber security, and an assessment of compliance with the requirements of the Lithuanian standards ISO/IEC 27001 and ISO/IEC 27002, which will help to determine the appropriate level of information security and cyber security.

Data controllers and processors must implement appropriate technical and organizational data security measures to ensure a level of security commensurate with the risk. Infringements of the GDPR may result in administrative fines of up to 2 – 4% of the total annual worldwide turnover of the preceding financial year, or up to EUR 10 000 000 to EUR 20 000 000.

Process

  • We gather evidence and information
  • We evaluate organizational and technical measures
  • We perform a risk assessment
  • We perform a compliance assessment
  • We prepare recommendations for eliminating non-compliance and managing risks

The result

  • Assessed compliance. Compliance in accordance with the guidelines of the State Data Protection Inspectorate has been assessed. A compliance assessment report has been prepared, which details the non-compliances identified during the compliance assessment with the requirements set out in the guidelines of the State Data Protection Inspectorate and recommendations for the elimination of the identified non-compliances
  • Assessed compliance. Compliance in accordance with the information security and cyber security requirements established in the legal acts of the Republic of Lithuania has been assessed. A compliance assessment report has been prepared, which details the non-compliances identified during the compliance assessment with the requirements of the legal acts of the Republic of Lithuania and recommendations for the elimination of the identified non-compliances
  • Assessed compliance. Compliance in accordance with ISO 27001 and ISO 27002 requirements has been assessed. A report on the assessment of compliance with ISO 27001 and ISO 27002 has been prepared, which details the non-compliances identified during the compliance assessment of ISO 27001 and ISO 27002 requirements and recommendations for the elimination of the identified non-compliances
  • A risk assessment has been performed. A list of personal data has been prepared and an impact assessment has been carried out. A risk register and a risk assessment report with a risk management plan have been prepared

Benefits

  • The adequacy of organizational and technical measures and compliance in accordance with GDPR requirements were assessed
  • Risks have been identified and assessed and a plan of measures has been prepared
  • Compliance in accordance with GDPR, SDPI and ISO 27001 and ISO 27002 standards is ensured

Contact person

Ernestas Lipnickas
Mobile: +370 (605) 44 444
Email: ernestas.lipnickas@adwisery.eu