GDPR (EU General Data Protection Regulation)
The effective date - May 25th, 2018 - is coming soon!
The EU is putting this regulation in place to mandate that companies protect the personal information of EU citizens. Organizations that are not compliant with this regulation could face heavy fines. There are technical solutions like vulnerability management, patching, and managed SIEM to help protect the data. There are also process and governance solutions based on best practices like ITSM, ISO 27001, and NIST to help mitigate risks and protect data.
Why do I care if my company is not located in the EU?
That's a great question we hear all the time. However, the GDPR applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company's location.
If you're collecting personal data and/or behavioral information from someone in any EU country, your company is subject to the requirements of the GDPR. The law only applies if the data subjects (as the GDPR refers to consumers) are in the EU when the data is collected. This makes sense: EU laws apply in the EU. For EU citizens outside the EU when the data is collected, the GDPR would not apply.
It's important to understand that this applies to any personal information gathered, regardless of whether a financial transaction takes place. For example, if someone living in the EU completes a survey or application that includes personal data (PII), then that data is covered by the GDPR.
Generic marketing on a US company's webpage does not by itself make the GDPR apply. However, marketing in an EU language and listing company references in an EU country will be considered targeted marketing, and the GDPR will apply. US companies need to review their marketing and data collection practices to see whether this applies to them. Companies in hospitality, e-commerce, and similar industries need to pay special attention to it.
What are some examples of the GDPR requirements and what they cover?
• Breach Notification: A company must notify consumers or data subjects of a breach within 72 hours of becoming aware of it.
• Right to Access: The consumer or data subject has the right to know if their personal data is being processed or used and for what purpose. Additionally, a free copy of the data must be provided to the consumer or data subject upon request.
• Right to be Forgotten: The consumer or data subject can have their data erased, including by all third parties that hold it.
• Data Portability: The right of the consumer or data subject to receive their data in a standard format so they can move it to another company.
• Privacy by Design: The concept of designing and implementing solutions that keep personal data private and secure from the outset.
Gratia has many solutions to help our customers with compliance and security:
- Vulnerability Management
- Patching
- Security Monitoring (Managed SIEM)
- Penetration Testing
Please reach out to us (info@gratia-inc.com or +1 513-800-0660) if we can help with your organization's GDPR or other compliance topics or if you would like to discuss your IT Data Security needs!
Sources: EUGDPR.org https://www.eugdpr.org/