national cyber security zone - corporate presentation - en.pdf · we provide an end-to-end service...

NATIONAL CYBER SECURITY ZONE: GENERAL DATA PROTECTION SERVICES FOR THE ENTERPRISE


Post on 15-Mar-2020



NATIONAL CYBER SECURITY ZONE

GENERAL DATA PROTECTION SERVICES FOR THE ENTERPRISE


SECURITY TRENDS

THE IMPORTANCE OF DATA

Data is one of the most important assets a company can have. Cybercrime damage costs to hit $6 trillion annually by 2021.

CYBERSECURITY SPENDING

Cybersecurity spending to exceed $1 trillion from 2017 to 2021.

THE TALENT GAP

Unfilled cybersecurity jobs will reach 1.5 million by 2019.

A WIDER NET

Targets of private data breaches to reach 4 billion people by 2020.

INTERNET OF (UN)SECURED THINGS

Up to 200 billion IoT devices will need securing by 2020.

SURVIVAL RATES: GRIM

Gartner: only 6 percent of companies survive longer than two years after losing data.

US NATIONAL CYBER SECURITY ALLIANCE

60% of small companies are unable to sustain their businesses over six months after a cyber attack.

PONEMON INSTITUTE

The average price for small businesses to clean up after their businesses have been hacked stands at $690,000; and, for middle market companies, it’s over $1 million.


GDPR

The General Data Protection Regulation comes into effect in all 28 EU Member States on the 18th of May 2018 following a two-year preparation period.

THE IMMINENT THREAT

Though cybersecurity in general has been on the radar for a long time, GDPR brings a specific deadline into the picture. Spending on IT security systems has increased, while specialized human resources are in short supply.

PENALTIES AND FINES

Losses caused by a breach of information security may have fatal consequences for the business. Fines could reach 20 million EUR or 4% of global company turnover.


THE PROBLEM

GDPR entails numerous regulations to increase the responsibility and accountability of personal data administrators.

In practice, it is more complicated.

MOBILITY

Requirement for data to be mobile and subject to transfer.

BY DESIGN, BY DEFAULT

Systems must be built to enable privacy “by design” and privacy “by default”.

RISK ASSESSMENT

Mandatory periodical risk assessment.

THE RIGHT TO BE

New procedures to enable deletion and transfer of data and the right to be forgotten.

CONSENT

New rules for acquiring customer consent to process and store data.

BREACH REPORTING

Mandatory reporting of data breaches and security incidents within 72 hours.

DATA PROTECTION OFFICER

A new position in corporate hierarchy.

MORE DATA

Personal data must now include IP address, cookies, etc.


A LOT NEEDS TO CHANGE

With regard to personal data, an organization now has to take responsibility, provide reports, and announce results in a transparent way.

Creating an organizational cyber security hierarchy.

Creating and implementing data protection policies.

Personal data handling courses and seminars.

Rules about analyzing, defining, and transferring data.

Information security risk management from 3rd parties.

Creating and implementing breach reporting procedures.


S STANDS FOR SOLUTION

We condensed the problem to: “We need a big enough budget and the right talent to be able to offset the GDPR risks in time.” So, what is the solution?

COST

Cost-effective As A Service model (SECaaS) which fits into existing budgets.

RISK

No vendor lock-ins and a faster startup time decrease risks.

TALENT

End-to-end expertise: gap analysis, implementation and certification.

TIME

Reduced startup time, an experienced team and pre-configured solutions.

GDPS: GENERAL DATA PROTECTION SERVICE


ENFORCES DATA PROTECTION

is a cyber security zone. We offer a real end-to-end solution for securing your company not just for GDPR, but for the future.

INITIAL GAP ANALYSIS CONSULTING

GDPR COMPLIANCE CONSULTING

TECHNOLOGY SOLUTIONS

TECHNOLOGY IMPLEMENTATION

OPERATIONS

CERTIFICATIONS

SOLUTIONS


A STEP BY STEP SOLUTION

We provide an end-to-end service for GDPR compliance including an initial GAP analysis, solution design and implementation, certification, and operations.

ASSESS

We determine where the gaps in GDPR compliance are through dataflow and internal process analysis.

IMPLEMENT

We determine the necessary organizational changes and technological solutions.

DESIGN

We analyze the cost vs benefits alongside an assessment of risks and solutions.

OPERATE

After certification, we provide comprehensive maintenance and operations for the data.


ASSESS

Initial assessment (GDPR GAP Analysis) of current level of GDPR compliance.

INITIAL (GAP):
BUSINESS SPECIFICS EVALUATION
COMPLIANCE LEVEL EVALUATION
EVALUATION & RECOMMENDATIONS

RISK & COST:
RISK EVALUATION
AVAILABLE MEASURES
COST VS BENEFIT EVALUATION


DESIGN

We prepare a comprehensive plan with the required changes to comply with the GDPR regulation.

BUSINESS:
UPDATE INTERNAL REGULATIONS
BUSINESS PROCESS RESTRUCTURING
DPO ROLE AND FUNCTION DEFINITIONS

TECHNOLOGY:
PERSONAL DATA IDENTIFICATION & DISCOVERY
SOLUTIONS FOR INFORMATION PROTECTION & ENHANCED SECURITY
TOOLS REQUIRED TO DETECT & REPORT CYBER ATTACKS & DATA BREACHES


IMPLEMENT

We develop procedures to control and maintain the implementation of the GDPR compliance process for both internal business processes and the integration of the technological solutions.

BUSINESS:
SELF ASSESSMENT PROCEDURES
UPDATING DATA HANDLING RULES
CHANGE MANAGEMENT PROCEDURES

TECHNOLOGY:
SOLUTIONS TO AUTOMATE PERSONAL DATA MANAGEMENT
SOLUTIONS TO PROVIDE ENHANCED PERSONAL DATA SECURITY
SOLUTIONS TO REFLECT GDPR REQUIREMENTS


OPERATE

We prepare a comprehensive plan with the required changes to comply with the GDPR regulation.

BUSINESS:
MAINTAIN OVERALL GDPR COMPLIANCE
REGULAR TESTS & CHANGE MANAGEMENT
REGULAR EDUCATION & LEGAL REQUIREMENTS UPDATES

TECHNOLOGY:
PERSONAL DATA PROTECTION SOLUTIONS
DETECT & REPORT CYBER ATTACKS & DATA BREACHES
ENSURE BUSINESS CONTINUITY & CONFIDENTIALITY


OUR TEAM

PETER KIRKOV

NIKOLAI GENCHEV

STEFANA TSEKOVA

RAMONA CHERVENKOVA

PARTNERS, ADVISORS AND VISIONARIES

CONSTANTINOS LIMENIDES

MBA, Management and Technology,
MSc, Manufacturing Systems Engineering
Rensselaer Polytechnic Institute, USA

ALEXANDER AVRAMOV

MSc Computer Science
Ex-CEO: Stone Computers

MAYA TUNCHEVA

MSc Finance,
Ex-CFO Memonica, easy3D, Crystal Water, Naftex Engineering

VASIL SULTANOV

CEH, CCNA
Cybersecurity Consultant
Specialist in PenTests, network security, ISO 27001, PCI DSS certification.


THANK YOU