The EU's General Data Protection Regulation (GDPR) has been one of the biggest game changers in business and data privacy arenas recently.

GDPR is the 2nd evolutionary stage of European data privacy regulations, with its roots coming from the 1995 Eurpean Union's Data Privacy Directive 95/46 (EU 95/46). The biggest shift was the migration from EU 95/46 as a "directive" mandating European Union member countries to promulgate regulation at a country level, to the GDPR where it became the defacto, or baseline data privacy "regulation" for all member countries. The ssecond and very relevant one, was the shift from data "privacy" specific to data "protection" uniting data privacy and security into one, for a more holistic approach.

tall blue letter in three dimensional illustration spelling GDRP with a dart board and a dart in the bulls eye

The impetus for evolving from EU 95/46 to GDPR came out of a landmark case in an Ireland courtroom, where its government challenged Big Tech's ability to protect the data privacy of its residents and won.

CIMA offers a standards-based approach to help clients understand and build global data privacy programs. Leveraging an integrated apprpoach using ISO 27001 and 27701, we help clients build effective data protection programs to meet the obligations of GDPR. Using globally accepted standards helps ensure our clients efforts are relevant in 165 countries around the world, not just one nation's model approach.

GDPR / Data Privacy Services

Data Protection Impact Assessment

a padlock with a ring of start around it and the text Data Protection Impact Assessment with a blue map of Europe in the background

Performing an initial Data Protection Impact Assessment (DPIA) is not only a mandatory activity for compliance with GDRP, but also the best way to understand where and how data protection is relevant to the major business processes of your business.

CIMA's experts can help walk your organization through the DPIA providing your team with a documented baseline to being data protection program design and implementation efforts.

This document should also be retained as evidence of having performed the mandatory assessment for compliance with this regulation.

Data Privacy and Security Policy Development

Data Privacy and Security Control Design & Implementation Support

Using our proprietary methodology, we work with clients to development high-end data protection policies and standards, as well as subordinate processes and procedures in a hierachial fashion.

CIMA helps clients design, assess, implement and manage data privacy and security controls, which include process and procedural, as well as technology controls in convention and cloud based systems.

Certification Training

General Employee and Other Information Security Training

To help clients come up to speed with data privacy and security, CIMA offers certification training based on a structured methodology to ensure client readiness to build a data protection program.

CIMA also offers additional training services for custom training needs, an employee general information security training, and much more.