The General Data Protection Regulation (GDPR) is “designed to harmonize data privacy laws across Europe, protect and empower all EU citizens’ data privacy, and to reshape the way organizations across the region approach data privacy.” GDPR legislation establishes consistent rules for managing personal data of EU citizens.

What does that mean for companies?

GDPR applies to any organization that handles personal data of EU citizens. Data processors and data controllers alike, regardless of their geographic location, are subject to the regulations. If your organization handles personal data of EU citizens, you must comply directly with the GDPR Framework, which provides companies with a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.


The GDPR applies a significant amount of pressure to organizations that are processors of EU citizen personal data, which can be anything from a name, photo, email address, bank details, posts on social networking websites, medical information, or a computer IP address. These regulations are tough but not insurmountable. In fact, Cyber Knight can help your organization in many ways to prepare for the May 2018 deadline and afterwards. One of these is helping organizations comply with the Privacy Principles on the basis of ICO UK guidelines.


General Data Protection Regulation (GDPR) & Privacy Shield Controls Review

Cyber Knight’s general controls review provides organizations with an understanding of how well they align with the standards set forth by GDPR regulations set to be enforced in May 2018.

Services include:
    • Performing a data inventory to determine the scope of data and entities covered by GDPR and Privacy Shield requirements.
    • Identifying and registering with an Independent Recourse Mechanism.
    • Developing a privacy policy to meet EU GDPR requirements.
    • Performing a third-party compliance review for the self-certification verification process.

Data Classification

Cyber Knight performs a review of the data classification policy or standard and the effectiveness of its implementation. If no formal documentation exists, Cyber Knight will draft a Data Classification Standard based on NIST SP 800-60 and FIPS 199. The security categories are based on the potential impact to an organization should certain events occur that jeopardize the information and information systems. The review will define the impact as Low, Moderate, or High, based on the security objectives for information and information systems of:


Our Approach

Our GDPR Consultancy Services

Consulting Services

  • GDPR readiness assessment
  • Privacy risk and impact assessment
  • Data privacy policies and processes
  • Data classification and retention policy definition
  • Privacy awareness and training
  • Third party privacy assessment

Professional Services

  • Visibility over personal information through e-discovery
  • Classification of structured and unstructured data
  • Enforcement and implementation of data privacy policies
  • Implementation of information protection solutions such as DLP and IAM
  • Implementation of privacy-enhancing technologies such as static and dynamic masking and encryption
  • Implementation of incident monitoring solutions

Support & Managed Services

  • Onsite support for all GDPR advisories
  • Onsite presence for the entire project
  • Monthly onsite presence for GDPR status checks and compliance reporting
  • Onsite support to review documents and create policies and processes
  • Onsite support with suggestions on queries about data subject requests
  • Ongoing enhancement of compliance with GDPR and other necessary compliance requirements
  • Retainer model for any compliance advice