Quantar UK


GDPR Implementation & Audit Services

Quantar General Data Protection Regulation Services

Quantar is able to assist your organization with both the initial implementation of a GDPR compliance program and the follow-on activities to ensure compliance is maintained in the face of severe penalties for failures.

Our approach to a GDPR project may differ from other suppliers in that we are able to offer ISO/IEC 27001:2013 auditing, as well as a unique cyber threat valuation service allied to your primary program. The GDPR explicitly refers to the use of certified standards, such as ISO/IEC 27001, as a means of providing evidence of GDPR compliance. However, in many cases, GDPR practitioners are not able to ensure that an implemented ISO 27001 information management system does in fact lead to such compliance.

We are certified both as GDPR Practitioners and as ISO 27001:2013 Lead Auditors and can thus ensure that the ISO or other standards or codes of conduct you intend to use are suitable for the intended purpose of compliance. In some circumstances, the requirements for ISO 27001 certification under the mandated obligations within Appendix A can unintentionally lead to data that, if left uncontrolled, would lead to a GDPR breach.

Art. 24 GDPR Responsibility of the controller

(3) Adherence to approved codes of conduct as referred to in Article 40 or approved certification mechanisms as referred to in Article 42 may be used as an element by which to demonstrate compliance with the obligations of the controller.

Our objective is to ensure that your organization’s GDPR program embodies the correct components to satisfy both the Articles and Recitals of the forthcoming regulation, since one determines the intent and scope, whilst the other stipulates roles, responsibilities and actions to be taken and recorded. Unlike an internationally certified standard, however, there is zero demarcation between compliance and failure. In the case of the standard, an audit is undertaken through sampling and extrapolating the data to determine compliance with the standard or not. In the case of the GDPR, an audit will be undertaken to determine if all the stipulations of the regulation have been met.

Providing evidence of compliance is not a task to be underestimated, and Quantar is able to provide additional data through its proprietary cyber threat valuation system implemented within your organization as part of that process. Our proprietary, patented technology was developed for banking regulation compliance and auditing.

Mapping Business Process - Systems - Categories Using CyCalc

Quantar has experience of legal and regulatory compliance activities in the domain of information technology stretching back to March 2000. As such, with our undoubted expertise in delivering appropriate compliance solutions according to both the requirements of our clients and meeting requisite stipulations within regulations, we are confident that your organization can benefit from our expertise.

Our mode of working is dependent upon the size and structure of your organization. However, in the FAQ section of this website, we have outlined how we undertake our implementation and audit services.

For further information on how Quantar can assist your organization in reaching the goal of compliance with Regulation (EU) 2016/679 (the General Data Protection Regulation), ISO/IEC 27001:2013 and cyber threat valuation, please contact our team.


Quantar professional service quality assurance is provided by the Global Association for Software Quality (GASQ), which is an independent, international association. GASQ maintains an international network and supports certification programs.

Quantar’s CyCalc Suite assists organizations in mapping their business process/systems/categories interdependencies. Understanding the relationships between your organization’s data and its flows within the organization is crucial in meeting the requirements of the GDPR. Knowing the risks posed to an organization forms part of the GDPR stipulated activities. Transferring risks that are higher than your organization’s risk appetite assists in the provision of GDPR audit evidence.