GDPR Compliance Requirements and Regulations

Optiv has the proven ability to look at a client’s security and privacy program holistically while also ensuring relevant industry regulations and compliance requirements are met.


GDPR Requirements and Compliance Services for Your Business

The General Data Protection Regulation (GDPR) came into effect in May of 2018. GDPR standards impact organizations residing in the European Union (EU) as well as those that merely transmit EU citizen data, and global companies are working frantically to comply with this sweeping regulation. Adding to the complication, the new GDPR requirements affects departments enterprise-wide, requiring them to work cross-functionally across the organization.


Optiv Security assists organizations with GDPR compliance regulations, including the following cybersecurity requirements:


  • Defines lawfulness of processing data to include consent by data subjects, privacy by design, the right to be forgotten and data portability requirements
  • Outlines GDPR responsibilities of both controllers and processors
  • Requires Privacy Impact Assessment and appointment of a Data Protection Officer (DPO)
  • Enforces strict breach of GDPR compliance notification requirements


    What is GDPR Compliance?

    The GDPR compliance regulations checklist outlines four categories of responsibility for online entities serving EU citizens. Lawful Basis and Transparency security standards require companies to conduct an information audit to determine what information is being processed and who has access to it, to have a valid justification for these activities and to clearly articulate the rationale for these policies. The Data Security component outlines requirements around anonymization and encryption, as well as your process for notifying authorities and victims in case of a breach. Accountability and Governance details how internal and external program responsibilities are to be staffed and managed. And Privacy Rights makes clear what customers are entitled to and what information the site is obliged to provide.


    GDPR represents an opportunity for organizations to strengthen customer relationships and help repair the damage bad actors have done in the public eye. Companies that embrace consumer privacy as part of their strategic mission are not only avoiding sanctions; they’re building their brands – and are perceived as more trustworthy in the market.

    9000 HG Image


    Number of DPOs needed to satisfy the GDPR requirement in the U.S.


    72 GG Image


    Maximum number of hours allowed to report a security incident once it has been discovered.


    52% GH Image


    Percentage of U.S. companies reporting they possess EU citizen data and are therefore require GDPR data protection.


    How We Are Different

    Optiv’s Approach to GDPR Compliance


    • Optiv assists organizations with six key security components of GDPR:

    • Data Governance – Understand GDPR compliance regulations as it relates to the business and then activate a plan to meet those obligations.

    • Data Classification – Analyze what data is relevant to GDPR standardsand develop a proper classification scheme for ongoing data management.

    • Data Discovery – Determine where sensitive data is stored across your environment and set up policies and procedures to manage GDPR data protection.

    • Data Access – Recognize who has access to data and set up policies and procedures for access management and governance.

    • Data Handling – Prepare for the chance of an incident and ensure that plans are in place to meet GDPR compliance regulations regarding the handling of sensitive information.

    • Data Protection – Plan, build and run an appropriate security program for the protection of sensitive information.

    Consolidated List of GDPR Services & Additional Capabilities from Optiv


    • GDPR Strategy Assessment

    • Virtual DPO

    • Data Protection Impact Assessments  

    • Third-Party Risk Management

    • Identity and Access Management 

    • Incident Response Services  

    • Attack and Penetration Services 

    • Application Security Services   

    • Cybersecurity Education

    • Managed Security Services