Through our compliance audits we ensure that our clients’ digital solutions adhere to regulatory and information security standards, as well as best practices. We can audit current systems and digital solutions in development.

The European Union’s General Data Protection Regulation (GDPR) governs the processing of personal data relating to individuals in the EU, with non-compliance leading to sizable fines of up to €20 million or 4% of annual revenue.

This regulation does not only apply to European companies, but also to foreign businesses trading in Europe or with access to the personal data of European citizens.

With our GDPR compliance audits we not only ensure that our clients’ digital solutions and processes adhere to the regulation, but also provide strategic improvements towards privacy by design.

GDPR compliance requires organisations that hold personal data to frequently audit and test their systems to check data security and system resilience when processing and storing personal data. We help our clients to fully integrate GDPR practices into their digital environment and address regulatory questions such as:

  • Does the digital solution process and store personal data securely, protecting it against unlawful processing, accidental loss and destruction?
  • Is privacy by design embedded as default into the solution?
  • Can the digital solution minimise, pseudonymise and encrypt personal data when necessary?
  • Does the solution restrict access to only those with authorisation to manage personal data?
  • Can the digital environment be restored in the event of physical or technical incidents?
  • Does the solution support documented data destruction processes?

Through years of experience implementing secure data processing in practice, we know that information security does not stop at the boundaries of your IT systems, but that offline processes and the “human element” are one of the main causes for data loss and data breaches. GDPR, and similar regulations in other jurisdictions, therefore require the same or stricter standards to be applied to any non-digital processing of personal data.

Sensitive personal data is often gathered and processed by different departments and their IT systems across a company, such as sales and customer service, marketing and analytics, as well as any tax or other statutory record-keeping departments.

We regularly work with our clients to establish and maintain corresponding security standards across all their business processes which interact with, or have access to personal data. Through our comprehensive approach of auditing digital and offline data handling processes, our clients easily achieve organisation-wide compliance.

We work closely with our clients’ legal department or outside counsel, or our own network of specialised legal advisors if required.

The second Payment Services Directive (PSD2) was introduced in 2019 by the European Commission and regulates the new requirements for authenticating online payments, known as Strong Customer Authentication (SCA).

Strong Customer Authentication applies to all online payments made by customers to businesses within the European Economic Area (EEA). Although enforcement has been delayed since the regulation was introduced, it is likely that banks will start declining payments that do not adhere to SCA requirements by the end of 2020.

SCA requires European businesses that make online sales to prepare their payment flows with an additional authentication, such as a password or PIN, mobile device or hardware token authorization, fingerprint or facial recognition.

We support our clients in understanding whether their sales fall under the new PSD2 SCA regulation and, if so, ensure that their checkout process meets SCA criteria and payments are not declined going forward. We can support clients with their own, as well as third-party payment processing solutions.

For today’s data-driven economies information security is a business issue and not just the responsibility of the IT department or service provider. With our information security audits we help our clients’ senior IT stakeholders and leadership team make the right decisions about the security of their data storage, processing and digital environment.

Our holistic approach to information security ensures that our clients employ the best range of processes, products and services to create a secure and resilient foundation for their business.

All our information security audits are tailored to our clients’ needs, circumstances and markets. They can address the following areas:

  • Compliance with the various bits of applicable legislation
  • Data security testing across systems and processes
  • Creating best-practice frameworks for information security systems and procedures
  • Embedding operational reliability and business continuity through secure and accessible data storage and management
  • Maintaining competitive confidentiality to limit competitor access to any valuable information
  • Secure application and digital product testing
  • Secure destruction of confidential data
  • Raising awareness of information security internally and onboarding stakeholders and system users