What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA. The GDPR's primary aim is to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
GDPR was drafted and passed by the European Union (EU), but it imposes obligations on organizations anywhere in the world, so long as they target or collect data related to people in the EU.
The objective of GDPR Compliance certification is to evaluate and measure your organization's compliance with GDPR requirements.
GDPR Compliance Certification does not confirm legal compliance with GDPR; it does, however, provide a substantial framework that any company can use to support compliance with GDPR or other data privacy requirements. Organizations can also consider implementing BS 10012:2017 as an alternative approach. This suits organizations seeking to implement a standalone personal information management system (PIMS) without also implementing ISO/IEC 27001.
MQA will not accept any liability that may arise as a result of any security breach or weakness in your system that affects your compliance with GDPR requirements after the audit assessment.
Benefits of GDPR Compliance
GDPR helps organizations protect their customers' personally identifiable information (PII), which the regulation itself refers to as personal data. This in turn brings many benefits, some of which are listed below:
- Improved Information Privacy
- Increased Customer Satisfaction
- Competitive Advantage
- Increased PII Attack Resilience
- Increased Focus on Risks
- Greater Legal Compliance
- Reduced Costs of Information Privacy
- Continued PII Confidentiality
- International Recognition
Journey to GDPR Compliance
GDPR Compliance certification is a third-party audit performed by MQA. During the audit we verify that your organization is following the requirements of GDPR; if the result is positive, we issue a GDPR Compliance Certificate. The certification is then maintained through annual surveillance audits by MQA, with re-certification of the GDPR Compliance Certification after three years. See the cycle below to learn how you can get started on the road to certification:
MQA Certification Cycle
Year 1
Step 1.1 (Initial Application)
- Client requests a quotation.
- MQA will assess the Client's requirements.
- MQA will share a proposal with the Client.
- Client signs the 3-year Certification Contract with MQA.
Step 1.2 (Certification Audit)
- MQA will conduct:
  - Gap Assessment (Readiness Review)
  - Stage-1 Audit (Documentation Review)
  - Stage-2 Audit (Implementation Review)
- The MQA Auditor will share the audit reports with MQA's Certification Decision Committee.
Step 1.3 (Certificate Management)
- If the certification decision is positive, the certificate is issued by MQA.
- If the certification decision is negative, a verification audit is planned by MQA.
- Client will receive MQA Portal access to:
  - View the Audit Reports.
  - Download the GDPR Certificate.
  - Review and respond to Audit Findings, etc.
Year 2 & 3
Step 2.1 (Renewal Request)
- MQA requests renewal.
- Client agrees to the Surveillance Audit.
Step 2.2 (Surveillance Audit)
- MQA will conduct the Surveillance Audit.
- The MQA Auditor will share the audit reports with MQA's Certification Decision Committee.
Step 2.3 (Certificate Management)
- If no critical non-conformity is found, the certificate is renewed by MQA.
- If any critical non-conformity is found, a verification audit is planned by MQA.
- Client has MQA Portal access to:
  - View the Audit Reports.
  - Download the GDPR Certificate.
  - Review and respond to Audit Findings, etc.
MQA helps you certify your organization to GDPR.