GDPR Assessment Services

GDPR Assessment Services

GDPR Compliance Made Easier


If you do business internationally, chances are your privacy processes and procedures must hold up to the new General Data Protection Regulation (GDPR) regulations and requirements that went into effect on May 25, 2018.

This European Union (EU) regulation, intended to give people more control over their personal data and protect that information from risk, applies to any organization that conducts business in the EU.

You need an information security and compliance partner you can trust to help you navigate the GDPR.

Who Must be GDPR Compliant?

With the extended jurisdiction of the GDPR comes the biggest change to the regulatory landscape of data privacy in decades. GDPR provides one set of data protection rules and applies to all companies processing the personal data of people residing in the European Union, regardless of the company’s location.

The GDPR also applies to the processing of personal data of data subjects in the EU by a controller or processor not established in the Union, where the activities relate to offering goods or services to EU citizens (even if payment is not required) and the monitoring of behavior that takes place within the EU. Non-EU businesses processing the data of EU citizens also have to appoint a representative in the EU.

What is Personal Data?

According to the GDPR, personal data is any information that relates to an identified or identifiable living individual. If different pieces of information can be collected together to lead to the identification of a particular person, this information also constitutes personal data.

Examples of personal data are as follows:

  • Name and surname
  • Home address
  • Email address
  • Identification card number
  • Location data (for example the location data function on a mobile phone)
  • Internet Protocol (IP) address
  • Data held by a hospital or doctor, which could be a symbol that uniquely identifies a person

What Constitutes Processing of Data

Processing of data pertains to operations performed on personal data, including by manual or automated means. This covers a wide range of functions including the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

Sword & Shield’s GDPR Assessment

Sword & Shield leverages our experience in data and information security compliance under various frameworks (GDPR, NIST, HIPAA, ISO, ITIL, etc.) to identify the gaps between GDPR requirements and your current security posture.

With GDPR recently going into effect and regulators announcing imminent fines, it’s time to understand your status and remediate your gaps. Organizations at varying stages of readiness can rely on Sword & Shield to provide clarity around GDPR compliance.

We Get to Know You

Sword & Shield employs its 20 years of information security and compliance expertise to partner with you to determine your status and assist you with fulfilling GDPR requirements. We get to know you through the following:

  • Inspection
    Sword & Shield reviews your documentation such as policies, procedures, and records to determine if GDPR requirements are being met.
  • Inquiry
    We interview your team members to determine if controls are in place and operating effectively, and to evaluate knowledge of controls.
  • Evidence Gathering
    We collect and review documented policies and procedures as well as interview findings to assess accuracy and compliance with the GDPR.

What our GDPR Assessment Includes

We are uniquely qualified to perform your GDPR assessment based on our ability to get to know your organization, systems, processes and documentation, and apply this information to GDPR using our compliance expertise. Sword & Shield’s GDPR Assessment services include the following:

  • Gap Analysis against relevant GDPR Articles
  • Personally Identifiable Information Identification
  • Incident Management Process Review
  • Vendor Management Practices Review
  • Information Classification
  • Data Retention Review
  • Policy and Procedure Review

Let Sword & Shield help you to determine your data privacy and security needs, and implement safeguards to meet them.

GDPR Services Deliverables

Sword & Shield identifies gaps between your current policies, procedures, systems, and applications relative to the GDPR. The results of the analysis are used to create recommendations to assist with the remediation efforts required to reduce gaps and achieve compliance with the GDPR.

Following delivery of the final report, Sword & Shield provides you with your customized roadmap to GDPR Compliance. The roadmap takes into consideration the controls that need to be addressed to lower risks and address compliance deficiencies.

Download Datasheet

GDPR Assessment Services

Get a Handle on Your Security

Request a Free Consultation.