The General Data Protection Regulation (GDPR) consists of rules on the protection of personal data that aim at two main objectives: to give European citizens complete control over their personal data and simplify the regulatory framework for the companies that manage such data. The GDPR is intended as an enabling tool for the digital market and is part of the policies of the European Commission for the development of the digital economy. It defines the concept of privacy by introducing specific rules on data processing methods, data subjects’ rights, who is responsible for the data, methods of communicating any violations suffered, penalties for infringement of the regulation. To comply with the GDPR, companies must adapt their policies to the requirements of the regulation.

How NSR works:
NSR has a team of consultants with specific regulatory and organizational skills, as well as technological, to guide customers in the process of adapting their organization for the secure processing of information, also with a view to compliance with privacy legislation and the protection of personal data

• Assessment of data processing, assets, and organizational context
• Risk assessment, risk analysis, risk management
• Business impact analysis, Privacy impact analysis
• Creation of support tools and IT systems for the management of processes, data processing, and risk parameters