Skip to main content
GDPR Assessments

GDPR Assessments for Controllers and Processors

Serious About Security

Centris offers GDPR gap assessments for organizations all throughout North America seeking assistance with what’s arguably the most demanding and comprehensive data privacy regulation in the world. GDPR compliance for U.S. companies has hit our shores, so it's time to get serious about data privacy and security. Centris can assist.

Centris’ GDPR gap assessment services provide controllers and processors with a crystal-clear look into their operations and the supporting internal controls needed for ensuring GDPR compliance is met. Centris’ GDPR gap assessments consists of the following measures:

 

(1) Defining Scoping Considerations:

The GDPR is a massive piece of legislation with many moving parts (https://gdpr-info.eu/, 11 Chapters and 99 articles), so it’s important that controllers and processors know what they’re up against in terms of compliance, which ultimately begins with assessing scope. Questions that we get answers to during this process include the following:

  • What types of personal data for data subjects are being stored, processed, and transmitted?
  • What third-parties are also considered in scope for the GDPR, why, and do they have proper controls in place?
  • What internal and external personnel will be involved in working with Centris during and after the GDPR gap assessment activities?
 

(2) Assessing Data Privacy Requirements & Gaps:

The operational aspects of GDPR compliance are far-reaching indeed as controllers and processors need to ensure that various H.R., legal, privacy, and other prescriptive requirements are met for compliance. For example, do you have privacy policies, procedures, and processes in place for correcting and erasing personal data. Additionally, do you have well-documented incident response initiatives for responding to incidents and possible breaches? These are just a few examples of the depth of Centris’ activities during a GDPR gap assessment.

 

(3) Assessing Information Security Requirements & Gaps:

Per Article 32, “…the controller and the processor shall implement appropriate technical and organizational measures…”. Centris will do a deep dive into your information security policies, procedures, and processes, determining what framework – if any – you have in place, and what areas within the broader application of InfoSec will require remediation for the GDPR.

CENTRIS

Leaders in Security & Regulatory Compliance

Risk Strategies & Methodologies
Risk management planning reduces exposure to a wide-range of issues that could have detrimental effects on a business. Not knowing, planning, or responding to risks and related issues can leave an organization with few options in combating risks when they actually surface.
CENTRIS Advisory Methods
Strategic Planning & Integration
Every organization is moving towards a digitized business model, so isn’t it time to strategize on some of the most critically important elements for your business?
Explore CENTRIS Strategies
Regulatory Compliance Experts
Build scalable, adaptable, and efficient compliance solutions for increased organizational efficiency, while also improving core InfoSec, cybersecurity, operational and data privacy controls and best practices.
Regulatory Compliance For All Industries

The Importance of GDPR Compliance for U.S. Businesses

As a U.S. business, do you store, process and/or transmit personal data for data subjects that reside in the European Union (EU)? An answer of yes, or even a slight hint or acknowledgement that your business may in fact support such activities relating to personal data of EU data subjects will ultimately require some form of compliance with the GDPR.

Businesses of all types, industries, and sizes throughout the globe – and especially in the U.S. – are operating across borders, providing essential services and solutions to various countries. With globalization increasing, the demand for ensuring the safety and security of consumer data – and other supporting information – has now become a primary concern for all, and understandably so.

 

(4) Assessing Documentation Requirements & Gaps:

Policies and procedures are a heavy mandate for the GDPR, much like many of today’s regulations, and once again, controllers and processors are struggling immensely with such requirements. Centris can quickly identify what gaps and deficiencies exist within your documentation, providing expert guidance on remediation.

 

(5) Remediation Activities:

With Centris, our years of data privacy expertise allows us to offer comprehensive remediation services & solutions to your organization. From helping establish tighter information security controls to developing robust policies and procedures – and more - we offer a full menu of GDPR remediation services. Additionally, we can also develop a continuous monitoring program for ensuring your stay compliant with the GDPR requirements.

With Centris, we offer a wide range of data privacy, cybersecurity, and regulatory compliance solutions and services, including assessments & programsdata governancedata mappingPIADPIAGDPR assessments, CCPA/CPRA assessments, international international privacy assessments, U.S. state privacy assessments, EU Cloud Code of Conduct, Microsoft SSPA/DPR, along with data privacy programs.

"Today’s headlines are saturated with catastrophic scenarios of what will happen if organizations fail to comply with the European Union’s (EU) Global Data Protection Regulation (GDPR)"
- Gartner

Why Centris for GDPR Gap Assessments?

  • Proven methodology that’s quick, comprehensive – and with fixed-fee pricing.
  • Experts at remediating GDPR gaps and documentation deficiencies.
  • Experience in working with all industries and sectors relating to GDPR.

Additional Related Services

Customized Data Privacy Programs | Data Privacy Cons...

Growing cybersecurity threats, coupled with increased laws and regulations are forcing organizations to truly take the time in assessing – and documenting – how they collect, use, share & disclose, store, protect, retain, and dispose of their data...
Read this article

EU Cloud Data Protection Code of Conduct Gap Assessm...

The EU Data Protection Code of Conduct for Cloud Service Providers, simply known as the EU Cloud Code of Conduct, is a framework consisting of a set of requirements for Cloud Service Providers (CSP) supported by a Control Catalogue. This is impor...
Read this article

Microsoft Supplier Security & Privacy Assurance Prog...

Per Microsoft, “The Microsoft Supplier Data Protection Requirements” apply to each Microsoft supplier that Processes Personal Data or Microsoft Confidential Data in connection with that supplier’s performance (e.g., provision of services, software...
Read this article

U.S. State Data Privacy Assessments, Consulting and ...

Almost every state is now following in the footsteps of California in developing comprehensive laws regarding an individual’s data privacy rights. In the near future, it’s quite possible that every state will adopt meaningful data privacy laws, a...
Read this article

International Data Privacy Assessments for U.S. and ...

While most of the world is focusing on the likes of the General Data Protection Regulation (GDPR), along with the California Consumer Privacy Act (CCPA), there’s much more to data privacy than these two well-known pieces of legislation. Canada, B...
Read this article

CCPA & CPRA Gap Assessments for Business in Californ...

The California Consumer Privacy Act (CCPA) is without question landmark legislation enacted to give consumers greatly enhanced privacy rights and protection clauses within the state of California. As an organization, if you’re doing business in t...
Read this article

Data Protection Impact Assessments (DPIA) | GDPR Con...

The General Data Protection Regulation (GDPR), under Article 35, requires, under certain circumstances, that a Data Protection Impact Assessment (DPIA) be performed by controllers if certain conditions exist. Specifically, “Where a type of process...
Read this article

Privacy Impact Assessments (PIA) | Minimize Privacy ...

The safety and security of all types of data is now front and center in today’s business arena due to growing cybersecurity threats, coupled with increased data privacy laws and regulations. With Centris, our PIA process is efficient, yet compre...
Read this article

Data Mapping for Security and Privacy | Improve Deci...

The safety and security of data (all types and all formats) is now more important than ever, thanks in large part to growing data privacy and cybersecurity regulations that are impacting organizations all throughout the globe. The General Data Pro...
Read this article

Data Governance Plan and Consulting Services | PIA, ...

When performed correctly, a quality data governance assessment provides organizations with an actionable roadmap for designing and implementing a sustainable data governance program that ultimately improves efficiency, promotes transparency, enabl...
Read this article

    Protect Your Digital Systems & Ensure Compliance at All Levels

    From robust security and compliance solutions to risk analysis and corporate strategy - partner with CENTRIS for enterprise resilience.

    Let's talk about your business - Contact CENTRIS Today