Outsource your Data Privacy Officer

By choosing a EU specialist, you will be adviced with the latest European case law. It is more than ever needed and required by Article 27 GDPR.

What do we offer?

Depending of your organisation complexity, we will adapt our services pack. If you want to be compliant with GDPR, a DPO presence in Europe is mandatory. Indeed, the control authorities want to talk with a representant reachable (same time zone) and speaking the local langage. Furthermore, more than 50 items are country specific: the Social Security Number is considered as sensitive in France for instance. So you'd better use a local specialist team!

Multinational Corporation

We act on your behalf as the central point of contact of the local EU authority. As a DPO or your DPO assistant, we will serve as your relay in front of the local control authority and your employees.

US Company

As California Consumer Protection Act is slightly different with GDPR, you will need to adjust your documentation and user rights. We can assist you for doing that ponctually or on the long run.

Services On Demand

Audit, Training, PIA, DPO assistance, ISMS Setup/Assistance...

Latest News

ICO intends to fine British Airways for a Data Breach

The british authority, ICO, intends to fine British Airways £183 Millions relates to a cyber incident. It has been notified to the ICO by British Airways in September 2018. It involved user traffic to the British Airways website being diverted to a fraudulent site. Through this false site, customer details were harvested by the attackers. Personal data of approximately 500,000 customers were compromised in this incident, which is believed to have begun in June 2018. According to the investigators, poor security arragement have caused this breach.

Are you ready for the Brexit ?

Are you using IT or Cloud services hosted in UK ? You have to know that Brexit terms are currently negociated but nothing is changing until the 31rst of December 2020. Then 2 choices regarding GDPR will be possible: either EU will decide of an UK equivalence or you will have to use either standard contractual clauses provided by the local authority or inside a multinational group, “Binding Corporate Rules”. But according to recent newspaper, the Brithish authority (ICO) would like to keep GDPR while the prime minister would like to have an autonomous British regulation….

Managed Security Service Provider’s GDPR Liabilities

The growth of MSSP’s sector has resulted in efficiencies of outsourcing data processing. 

Recent legislation in GDPR has created a further demand in compliancy leading to potential confusion on the responsibilities between the IT outsourced provider (called data processor) and the client (called the data controller) who decide what to do and the budget associated.

MSSP’s now need to adapt their model to accommodate the significant changes in GDPR, therefore avoiding the legal consequences of non-compliance to their business.

These changes encompass:

  1. Accountability transparency
  2. Data Protection principles
  3. Security and confidentiality certainty
  4. Governance support and advising on duties

The legislation directs that the data processing community has to be fully conversant with GDPR governance. For example, MSSP’s will need to ensure the process of data collection addresses ‘private impact assessment’ prior to deploying a ‘data leak prevention’ or similarly an advanced web filtering solution.

The remit of the MSSP sector implementing managed advanced threat protection solution, the processing of personal data and more sensitive data categories as defined in article 9 of the GDPR legislation. Providers are directly liable to European regulation to infringements of sensitive information namely political and religious opinion or sexual orientation.

Data Processing/MSSP – Risks of Non-Compliance

·     Damaging loss of reputation of the company.

·     Sanctions from the GDPR authority. These include MSSP’s, Data Collectors and end customers exposing risk of penalisation from the ICO in the UK or the CNIL in France. (Public Warnings up to and including a 10 million Euro fine or 10% of their worldwide turnover penalty)

·     The courts may apply powers of applying prison sentence or significant fines to the data collector or sub-collector.

·     Civil law has legitimacy to cancel contracts and refund customers.

The change in legislation is a major wake up call to the entire managed security service providers. GDPR compliance is now a reality and the priorities need to start with DPO designation and teams training. The consequences of contravening GDPR law is financially damaging with let alone reputation to trust in company branding.

Being compliant is a reality and strengthens overall value propositions, enhances reputation and increases best practice in security.

PS: I tried to summarize this complex subject in one page so if you may have any comments or questions, don’t hesitate to contact me directly.

Cookies information: we don't use any tracking system. Privacy is our business. We only do statistics in order to improve our Website and better serve your interest. More Informations

We only collect personal data for statistics purposes. In details, it is your IP address, your browser version and OS type, where you are coming from and what pages you are consulting. We don't sell this information but use it to improve our website and services. However, If you disagree, please send us an email at privacy@ipaxess.com and we will delete this information as soon of possible, in less than 30 days in any case.