Infosys Framework for GDPR

Overview

Comprising over 173 regulations and 99 articles, GDPR includes mandates, repeals, exceptions and responsibilities for all organizations to ensure that personal data of EU residents is protected. So, organizations can expect significant changes with the rollout of GDPR.

To help organizations become ready to encounter the situation while securing their businesses, Infosys has designed a unique GDPR offering. It helps achieve GDPR readiness by assessing the current state, designing the future state, implementing the required changes, and managing and securing the renewed compliance. This Infosys framework derives key questions and drivers for compliance from the standpoint of GDPR’s key focus areas.

Know your GDPR readiness with the Quick Assessment Tool

Start the assessment

Be GDPR ready with Infosys’ ADAM Framework - Assess, Define, Administer and Manage

extended territorial scope

Extended territorial scope

Non-EU Organizations which process personal data of EU residents or provide services to EU residents will need to adhere to new regulation

 
data portability

Data Portability

Organizations should develop interoperable formats that enable data portability

 
privacy impact assessment

Privacy impact assessment

Organization processing the data will be required to conduct privacy impact assessments

 
notification of breach

Notification of breach

Organizations need to report data breaches within 72 hours after breach

 
privacy by design

Privacy by design

Data protection principles should be adopted into product/project design process

 
consent and profiling

Consent and Profiling

Organization must inform data subjects of the existence and consequences of any profiling activities which they carry out and obtain explicit consent from data subjects

 
erasure/rectification of data

Erasure/Rectification of data

Data subjects have right to ask for rectification or right to be forgotten

 
data protection officer

Data Protection Officer

Every member state needs to have an appointed supervisory authority who will interact with DPO (Data protection officer) at Controller/Processor level

 

As an end-to-end solution from Assessment to Security, the Infosys GDPR offering ensures business continuity along with readiness towards GDPR. Our consultants and technology experts help organizations perform assessments, define roadmaps, design architecture, implement & manage solutions, and enable audits, training and change management. Infosys GDPR platform, as a part of the overall solution offering, enables integration of various product suites offered by its partners. Our accelerators expedite solution implementation at each stage of the compliance journey.

Our proprietary ADAM framework-based approach offers easy customization and productivity gain that transforms an organization to a state where it is not only regulation acquiescent, but also an efficient counterpart.

Line

Challenges & Solutions

  • Evaluate Application, Process and Technology landscape
  • Personal/Sensitive Data Discovery and Governance Assessment
  • Perform GAP Analysis w.r.t GDPR
  • Devise prioritized roadmap for transition from current to GDPR ready state
  • Define and Design Data/Process Governance
  • Create or Re-New Policies
  • Develop Revised Architecture and IT Infrastructure Plan
  • Create Implementation Scenarios as Use Cases
  • Refine Personal Data Reporting and its Processes
  • Refine and Define Privacy Incident Management
  • Source external counsel fully capable of supporting through preparation for, and implementation of, the proposed changes
  • Realign Data Management Framework w.r.t GDPR
  • Build Solution Architecture
  • Apply Validation Services
  • Solution Deployment
  • Realize Roadmap and Data Strategy
  • Supervise and take remedial actions
  • Execute timely Data Protection Impact Assessment
  • Support w.r.t Data & Incident Management