GDPR Compliance


The General Data Protection Regulation (GDPR) applies to all companies processing and holding personal data of data subjects residing in the EU, regardless of the company’s location. Enforcement begins May 25, 2018, and because GDPR is the most important change in international data privacy regulation in 20 years, we want to make sure your organization is prepared. Many U.S. organizations have questions about how GDPR impacts them, especially pertaining to the types of personal data they have, how the GDPR defines personal data, and the new laws protecting that personal data.

LBMC Information Security can help answer these questions and more, as well as offer guidance to help you determine if your organization is a controller or processor under GDPR (or both), direction on whether you need to assign a Data Privacy Officer, and an understanding of how GDPR can impact your organization even outside of the European Union.

LBMC Information Security’s GDPR Compliance Services

LBMC Information Security’s compliance and audit experts can help your organization with GDPR compliance in the following ways:

  • GDPR Applicability Analysis—LBMC Information Security can help organizations understand whether GDPR applies. We will obtain an understanding of your environment, your legitimate purpose in retaining personal data, and how you interact with EU citizens. This will involve a review of current data flows and interviews with key stakeholders.
  • GDPR Readiness—A readiness assessment takes a deeper dive into how your organization is classified under GDPR. LBMC Information Security will assist you in determining if you are a data controller or a data processor and walk you through determining which legal basis for processing personal data best fits your company. Once this groundwork is laid, we can assist in understanding the current privacy maturity and data flows across an organization to determine not only the impact of GDPR on the organization but also to develop a strategic compliance approach and build trust through safeguarding customers’ personal data. We can also help you develop a list of GDPR compliance action items that should be taken, including defining whether your organization is a controller, processor, or both; identifying key stakeholders and data flows; assessing contractual obligations; and implementing GDPR into compliance program initiatives.
  • Data Analysis and Classification—Our team can help organizations define and establish a data classification and labeling system, as well as review any existing data classification policies to ensure the protection of personal data as defined by GDPR and to map out an ongoing compliance strategy. By conducting an inventory of sensitive data types and performing an analysis of an organization’s information and inventory of data, we can then help you implement the appropriate controls to ensure GDPR compliance.

Contact Us

Ready to explore if your organization will be affected by GDPR and how to maintain compliance? Fill out the form below or call 1-877-994-2248.