A cloud-based SaaS provider hosts PII for its customers. The organization has numerous databases and applications containing personally identifiable information (PII) across various departments and groups within the company. The organization faces challenges around data privacy, access, GDPR compliance, and possible security incidents.
We identified all the data sources that contained PII, determined who has access to the data and how the data flows, and classified the data. We confirmed that the compliance requirements for the Binding Corporate Rules (BCR), Records of Processing (RPA), and Consent were implemented. Based on business needs, we confirmed whether access was appropriate and identified gaps and other risks.
Anglepoint verified all GDPR controls in the areas of consent, BCR, RPA, access, data classification, and threat. We then verified that patch management was implemented and working efficiently. After we reviewed the gaps, we made recommendations to the stakeholders to ensure the client was GDPR-ready.