What is GDPR


The European Union (EU) General Data Protection Regulation (GDPR) was approved by the EU Parliament on 14 April 2016 and will enter full force for all EU member states on 25 May 2018. The GDPR replaces the current Data Protection Directive 95/46/EC and sets the rules relating to the protection and processing of personal data as well as protecting the rights and freedoms of persons and their right to the protection of personal data within the European Union (EU).



Who Does GDPR Apply To?


GDPR applies to organizations located within the EU and organizations located outside of the EU, should they offer goods or services to process information pertaining to EU organizations and citizens. It applies to all companies processing and holding the personal data of people residing in the EU, regardless of the company’s location.


Largest Operational Impacts of GDPR


Territorial Scope: GDPR does not only impact organizations located within the EU. It impacts any organization globally that processes the data of an EU resident.

Data Protection Officer: The Data Protection Officer must be skilled at handling the privacy of information and be readily involved in, and available to address matters concerning the security and privacy of data.

Consent and Necessity: The individual whose data is being collected must have given consent to the collection of their data and the collection of data must be business, legally or contractually necessary.

Impact Assessments: Data processors are required to conduct impact assessments on their systems that will process regulated data.

Data Protection: The backing up and encryption of regulated data are requirements under GDPR. Measures must be taken to protect the confidentiality, integrity and availability of the information and organization’s must ensure that they are regularly monitoring and assessing their security measures for effectiveness.

Vendor Management: The data controller is responsible for selecting and managing their chosen data processors. Impact assessments and vendor risk management practices are all required under GDPR.

Increased Penalties: Organizations can be fined up to 20,000,000 Euros, or 4% of gross annual turnover (whichever is higher) for infringing the regulation.



SubRosa Cyber Solutions and GDPR


Services Overview


SubRosa Cyber Solutions offers a three-tier process to assessing and guiding your organization through the process of achieving GDPR compliance. Enabling SubRosa Cyber Solutions to accurately determine the steps needed to be taken in order to achieve compliance.


Process Overview


  1. Initial Assessment: The initial assessment is a short, non-technical questionnaire that SubRosa uses to assess and determine exactly where your organization falls into the compliance requirements of GDPR.
  2. GDPR Compliance Assessment: The SubRosa Cyber Solutions GDPR Compliance Assessment Framework is a SubRosa-built, in-depth framework used to determine compliance with GDPR. The framework encompasses technical and procedural best-practices from GDPR, ISO27001 and other, globally recognized cybersecurity and privacy frameworks.
  3. GDPR Data Assessment: The GDPR Data Assessment utilizes the SubRosa Data Intelligence Tool to perform an in-depth, comprehensive assessment of your data at rest in order to determine exactly where on your network, your sensitive, GDPR-regulated data lies.
  4. Process Outcome: The GDPR Compliance Assessment will culminate in you achieving a complete understanding of the road to compliance. From both a policy, procedure and data storage perspective. SubRosa Cyber Solutions is able to guide and assist your organization throughout the entire GDPR compliance process, from concept through to achieving and maintaining compliance.


5100 Darrow Road, Suite B

Hudson, OH 44236

877-390-3950 Office