- Facilitate an internal kick-off and begin to launch an effective response program to the EU GDPR across the organization.
- Examine the challenges posed by the GDPR and the benefits of proactively demonstrating that the organization is compliant with the new requirements.
Our Services MDT
GDPR - HIPAA - CCPA
Education & Training
To prepare you to build and to solidify your knowledge of the EU GDPR.
Scope
Who should attend
Anyone who is or will be a member of the GDPR preparation team; stakeholders from key data processing areas (HR, Marketing, Finance, Data Manager, Data Scientists, Data Analysts, Clinical); supervisors from appropriate user teams.
Duration
0,5 day : Unlimited number / 1 day : Unlimited number / 2 days : max 8 people
Audits & Risk Assessments
You can start with a Gap Analysis to determine which processes are critical and to map all your data flows. Then, you can start the implementation.
MyData-TRUST is experienced in risk assessment services which can be performed either with a limited scope specifically towards GDPR compliance or with a broad scope towards enterprise IT security risk.
GAP ANALYSIS
The Data Protection Gap Analysis (DPGA) is the first step of GDPR implementation. It specifically determines whether regulatory requirements are being met and, if not, what steps should be taken to ensure they are met successfully. The analysis highlights the high-risk processing activities and defines the key elements of the data processing activities. It allows you to build the first version of the Data Processing Activities Records.
How does it work ?
The gap analysis exercise is carried out on site for 1 day, by 2 DPOs from the Life Science sector. Experts will analyze and evaluate the client’s process data flows and provide professional advice when risks are identified.
Typically, the process starts with a meeting involving experts and key stakeholders of the company to achieve a deep understanding of data flows and risks.
Expert report
After the initial 1-day evaluation, you will receive a 100-page professional report detailing our findings and recommendations and including a high-level action plan. After the intervention and the delivery of the report, a debriefing meeting of about 2 hours will be set up to answer any questions, to summarize the main points of vigilance and to take stock of the actions to be carried out as efficiently and as easily as possible.
Action plan
Our experts will present their recommendations and will be able to create an action plan prioritizing the order of execution of the tasks in progress.
DPIA
A Data Protection Impact Assessment (DPIA) consists of performing a preventive analysis of the risks that personal data processing poses to the rights and freedoms of natural persons. This tool is designed to measure the levels of privacy and security provided by the system, and to suggest possible improvements.
ISA
The Information Security Assessment (ISA) is a measurement of the security posture of a system or organization. The security posture is the way information security is implemented.
Security assessments are risk-based assessments, due to their focus on vulnerabilities and impact. Security assessments rely on three main assessment methods that are inter-related. Combined, the three methods can accurately assess the Technology, People, and Process elements of security.
Vendor Assessment
According to the GDPR, data controllers may only appoint data processors which provide sufficient guarantees to implement appropriate technical and organisational measures to ensure processing meets the requirements of the GDPR. Processors are required to process personal data in accordance with the controller’s instructions. This imposes on data processors an indirect obligation to comply with many of the requirements which apply to controllers, albeit at their instruction.
MyData-TRUST can support you with the assessment of your providers in order to ensure GDPR compliance all along the data flow of your processes, either remotely via a survey or on site via an audit.
Legal Support
We remain at your disposal if you need advice or have a specific task to carry out or review.
Legal
By taking time to understand your specific business cases and the issues and challenges you are facing, our Legal Advisory team uses their EU Data Protection knowledge to help you challenge conventions with partners and third parties.
Our Legal Advisory team works closely with our clients. Together, they can help you to set up Binding Corporate Rules.
AD-HOC
Ad-hoc consulting is an easy way to contract out services for a pre-defined period of time.
If you need Data Protection professionals to assess vendors, perform a gap analysis, set up a corrective plan, implement CAPAs or organize customized trainings, ad-hoc consulting will give you the flexibility you are looking for.
We can also do some risk assessment if needed.
Data Protection Officer
We created the DPO as a service (full-time or back-up).
The MyData-Trust Data Protection as a Service (DPOaaS) approach gives you access to skilled and certified people where, when and as often as you require.
Choose MyData-Trust DPOaaS and you can benefit from scalable capacity, dedicated staff, the ability to reduce fixed costs and optimize data protection activities.
DPO as a Service
DPO support – DPO network for clinical studies
Experience
Our people are multi-disciplinary (legal, IT, Life Science) and have extensive experience across numerous sectors.
Expertise
Our people are certified in Data Protection, Project Management and/or ISO standards. They are members of The International Association of Privacy Professionals. They are trained on DP tools and software that allow them to perfectly address GDPR requirements.
Dedication
Specific team members are dedicated to your organization. Dedicated staff becomes familiar with your products and processes which streamlines how we work together.
Customization
Every relationship is designed to meet the customer’s needs and service delivery configurations and options.
Data Protection Representative
We created the DPR as a service for companies outside the EU
DP representative
The Data Protection Representative is the key contact for authorities. He must have a clear understanding of the data processing activities. He is not legally liable for the Controller but he will have to address questions and comments from authorities in an appropriate manner.
MyData-TRUST provides the DPR service in all the EU and in the UK.
Education & Training
To prepare you to build and to solidify your knowledge of the EU GDPR.
Scope
- Facilitate an internal kick-off and begin to launch an effective response program to the EU GDPR across the organization.
- Examine the challenges posed by the GDPR and the benefits of proactively demonstrating that the organization is compliant with the new requirements.
Who should attend
Anyone who is or will be a member of the GDPR preparation team; stakeholders from key data processing areas (HR, Marketing, Finance, Data Manager, Data Scientists, Data Analysts); supervisors from appropriate user teams.
Duration
0,5 day : Unlimited number / 1 day : Unlimited number / 2 days : max 8 people
Audits & Risk Assessments
You can start with a Gap Analysis to determine which processes are critical and to map all your data flows. Then, you can start the implementation.
MyData-TRUST is experienced in risk assessment services which can be performed either with a limited scope specifically towards GDPR compliance or with a broad scope towards enterprise IT security risk.
Gap analysis
The Data Protection Gap Analysis (DPGA) is the first step of GDPR implementation. It specifically determines whether regulatory requirements are being met and, if not, what steps should be taken to ensure they are met successfully. The analysis highlights the high-risk processing activities and defines the key elements of the data processing activities. It allows you to build the first version of the Data Processing Activities Records.
How does it work ?
The gap analysis exercise is carried out on site for 1 day, by 2 senior DPOs who are experts in data protection and come from the Life Science sector. Experts will analyze and evaluate the BEA’s process data flows and provide professional advice when risks are identified.
Typically, the process starts with a meeting involving experts and key stakeholders of the company to achieve a deep understanding of data flows and risks.
Expert report
After the initial 1-day evaluation, you will receive a 40-page professional report detailing our findings and recommendations and including a high-level action plan. After the intervention and the delivery of the report, a debriefing meeting of about 2 hours will be set up to answer any questions, to summarize the main points of vigilance and to take stock of the actions to be carried out as efficiently and as easily as possible.
Action plan
Our experts will present their recommendations and will be able to create an action plan prioritizing the order of execution of the tasks in progress.
DPIA
A Data Protection Impact Assessment (DPIA) consists of performing a preventive analysis of the risks that personal data processing poses to the rights and freedoms of natural persons. This tool is designed to measure the levels of privacy and security provided by the system, and to suggest possible improvements.
ISA
The Information Security Assessment (ISA) is a measurement of the security posture of a system or organization. The security posture is the way information security is implemented.
Security assessments are risk-based assessments, due to their focus on vulnerabilities and impact. Security assessments rely on three main assessment methods that are inter-related. Combined, the three methods can accurately assess the Technology, People, and Process elements of security.
Vendor Assessment
According to the GDPR, data controllers may only appoint data processors which provide sufficient guarantees to implement appropriate technical and organisational measures to ensure processing meets the requirements of the GDPR. Processors are required to process personal data in accordance with the controller’s instructions. This imposes on data processors an indirect obligation to comply with many of the requirements which apply to controllers, albeit at their instruction.
MyData-TRUST can support you with the assessment of your providers in order to ensure GDPR compliance all along the data flow of your processes.
Legal Support
We remain at your disposal if you need advice or have a specific task to carry out or review.
Legal
By taking time to understand your specific business cases and the issues and challenges you are facing, our Legal Advisory team uses their EU Data Protection knowledge to help you challenge conventions with partners and third parties.
Our Legal Advisory team works closely with our clients. Together, they can help you to set up Binding Corporate Rules.
AD-HOC
Ad-hoc consulting is an easy way to contract out services for a pre-defined period of time.
If you need Data Protection professionals to assess vendors, perform a gap analysis, set up a corrective plan, implement CAPAs or organize customized trainings, ad-hoc consulting will give you the flexibility you are looking for.
We can also do some audit if needed.
Data Protection Officer
We created the DPO as a service (full-time or back-up).
The MyData-Trust Data Protection as a Service (DPOaaS) approach gives you access to skilled and certified people where, when and as often as you require.
Choose MyData-Trust DPOaaS and you can benefit from scalable capacity, dedicated staff, the ability to reduce fixed costs and optimize data protection activities.
DPO as a Service
DPO support – DPO network for clinical studies
Experience
Our people are multi-disciplinary (legal, IT, Life Science) and have extensive experience across numerous sectors.
Expertise
Our people are certified in Data Protection, Project Management and/or ISO standards. They are members of The International Association of Privacy Professionals. They are trained on DP tools and software that allow them to perfectly address GDPR requirements.
Dedication
Specific team members are dedicated to your organization. Dedicated staff becomes familiar with your products and processes which streamlines how we work together.
Customization
Every relationship is designed to meet the customer’s needs and service delivery configurations and options.
Data Protection Representative
We created the DPR as a service for companies outside the EU
DP representative
The Data Protection Representative is the key contact for authorities. He must have a clear understanding of the data processing activities. He is not legally liable for the Controller but he will have to address questions and comments from authorities in an appropriate manner.
PrivaREG
Privacy Management Platform (PMP)
The PrivaREG Privacy Management Platform (PMP) provides essential processes and tools for organizations to ensure state-of-the-art Data Protection documentation and to succeed with the operationalization of the Data Protection rules.
PrivaREG integrates standard reports that streamline communication to subjects and authorities. In addition, it produces measures to assess and monitor the level of data protection.