Ensuring compliance with GDPR standards
Services and solutions offered by All for One Poland
Adapt your organization to GDPR (in Polish - RODO)
New EU regulations regarding personal data processing, effective as of 25 May 2018, pose an organizational and technical challenge even for those entities that have so far been proficient with applicable laws.
All for One Poland offers a range of services and solutions that support the adaptation of an organization to GDPR (in Polish – RODO) and the subsequent maintenance of that compliance with existing standards. These include both information security services and applications that can be used at each stage of data processing and protection: from collection, through access management, use, storage and transfer, to erasure of data.
GDPR vs. IT systems
The EU regulation changes the approach to ensuring the security of personal data processing. In contrast to the current national requirements, the selection of measures to ensure security will be the responsibility of a data processor. This means that it is necessary to carry out a risk analysis and assessment, and to build a risk management plan. These activities should be carried out from the point of view of the person whose data is processed, and as a result, solutions should be implemented to achieve the objectives of data protection. Processors must also be ready to meet functional requirements, such as the right to be forgotten, strict control of access to data, and encryption or pseudonymization of data. In the case of a breach of personal data protection, the data controller is obliged to immediately report this fact to the supervisory body.
Most data sets are processed in electronic form. Therefore, these requirements translate directly into the necessary functionalities of IT systems, which in many cases requires their adaptation – expansion, modification or addition of new elements of the IT infrastructure.
GDPR audit, risk analysis, pentests
For the modernization to match the needs of a particular organization, a change project must be prepared first. Drawing on its own expert competence, All for One Poland offers comprehensive support in adapting data controllers and processors to meet the requirements of GDPR (in Polish – RODO).
The first stage of the project is a gap analysis, which answers questions about the scope of the discrepancies between the current state and the GDPR criteria that have to be met.
The next stages include a risk analysis and the resulting implementation of controls, the adaptation of processes and procedures (or the development of new ones), and the parallel design and implementation of changes in IT systems.
A periodic review of IT environment security by an external auditor is an effective method of minimizing the risk of personal data leakage. It is good practice to include such a requirement in the information security policy of each organization, with particular emphasis on the personal data processing area. All for One Poland has for many years supported clients in ensuring information security in the organizational and technical areas by providing, among other things, penetration testing services.
Adjustment of IT infrastructure
Anonymization of HR test data
How to anonymize data?
It is particularly urgent to ensure information security in non-production application systems. Test systems are usually fed with data similar to the data of a production system. “Production” personal data can be used in test systems only if it is properly secured. The way to secure such personal data is anonymization or pseudonymization.
All for One HR Cloner for data anonymization in SAP HR
All for One HR Cloner allows you to minimize the risk associated with testing HR data in SAP systems, while providing a number of additional benefits, including saving time for administrators and users and speeding up tests and migration projects.