The GDPR, which regulates the flow of personal data within the European Union, marks a milestone in the field of data protection and information security. The new regulation provides guidelines for controllers to improve security measures to maintain the integrity and confidentiality of personal data. In other words, the GDPR requires controllers and processors to determine the technical measures that protect against unauthorized or unlawful processing and against accidental loss, destruction or damage of the information processed. However, compliance with GDPR can be time-consuming and resource-intensive for a controller. “Many of these actors are aware of the new rules introduced by the GDPR, yet they choose to ignore the relevant obligations, hoping to avoid inspections and further consequences,” says László György Dellei, CEO, Kerubiel. Hungary-based Kerubiel helps controllers and processors achieve high-level data protection compliance through its state-of-the-art solutions.
Kerubiel follows an exhaustive onboarding process that begins with seeking direct contact with its clients, from the planning process to implementation of the GDPR compliance solution. By participating in each of these stages, the firm plays an active role throughout the whole decision-making process. The initial engagement starts with building awareness of GDPR legislation and data governance, followed by a demo on risk management and on the detailed documentation that ensures the internal data records are continually maintained.
Since the law requires a deep understanding of its principles to meet the regulatory requirement, the firm has established an extensive network of “contributing experts,” who range from certified information security experts to those who formerly worked at the Hungarian National Authority for Data Protection and Freedom of Information. This way, Kerubiel unites knowledge from the market with expertise from the supervisory authority to offer unique and tailored solutions.
The implementation of GDPR and the subsequent documentation process are a focal point of the newly enshrined principle of accountability in the legislation. Subject to this doctrine, organizations must demonstrate compliance with the GDPR, which may be achieved by implementing the necessary documents. “We offer to develop the relevant documents, privacy notices, and policies as well as other internal rules to help our customers,” says Dellei. The firm also provides counseling services in the field of risk assessment and data breach management. With a unique view to information security, the firm assists its clients with carrying out legitimate interest tests, Data Protection Impact Assessments and complex data breach management. Kerubiel may also provide its clients with a DPO (Data Protection Officer) if needed, and the officers provide expert advice on questions relating to data protection.
Today, Kerubiel is a go-to provider for controllers seeking GDPR compliance solutions. As a case in point, the firm cooperated in and contributed to the successful management of a data breach that occurred at a multinational company located in Budapest. Immediately after the personal data was breached, the client convened the response team comprising the chief security officer, Kerubiel-backed DPO and the head of legal and informatics, among others, and the team subsequently came out with the analysis, reporting, and implementation of measures that immediately mitigated the effects of the breach.
In 2019, more regulations concerning data protection will be adopted on a national and Union level. The relevant law modifying existing Hungarian regulations in accordance with the GDPR and the ePrivacy Regulation will bring new challenges, and Kerubiel continues to work on them as well. Furthermore, the company aims to utilize its expertise on a regional level, opening up to other Central and Eastern Europe (CEE) countries.