There is no denying that the gap is widening between privacy regulations and technological innovations. Despite the abundance of technical and legal experts, high levels of expertise are still quite difficult to find. This is because closing the gap requires a thorough understanding of the organization’s technical issues (including cyber security) as well as ever-changing ePrivacy Regulations to make technological innovations more competitive through compliance. Enter ‘Excis’ (Networks Ltd – www.excis.co.uk), a Kent, UK-based enterprise in operation since 2002. Their CEO Paul Benedek explains: “The biggest challenge we see facing our clients is the ever-growing gap between security and the legal operations and the expert skill gap in between them. The legal firms are trying to understand technical issues to ensure compliance whereas the security operations often lack in understanding as to why the compliance is needed and if so, how they should incorporate it into their practices. This is exactly where Excis sits.
In Excis (Networks), we not only have deep understanding and expert skills in technical matters but also in legal matters to be able to bridge between them. We bridge the gap between technology and law. This is a unique position as very few companies can offer the services we can in this space. All of us in Excis have a science, technology, and legal background with many years of experience.” Paul Benedek adds: “Our clients are often developing innovative technologies, or they are international law firms who engage us to assist them and their clients. We assist law firms with their technical and legal due diligence for mergers and acquisitions or provide guidance to their clients on their security operations/certifications required to prove compliance. We help technology firms, Software as a Service businesses to implement privacy and security by design to enter new markets or in becoming firmly established in their market through compliance. We advise them in all areas of their business (engineering, security, biometric processing, and algorithm development) to implement privacy and security by design.” “We are also setting technology, legal and privacy standards. We sit on the Cloud Security Alliance (the GDPR Centre of Excellence committee) where we advise on setting the standards for compliance and are developing a code of conduct for measuring compliance both in EU and the UK for cloud-based products and services.
We are also part of a working group to map the CCPA / CPRA to the CSA Privacy Level Agreement Code of Conduct for the GDPR. These standards allow for cloud-based organisations to align their privacy and cybersecurity in the cloud directly to meet the CCPA / CPRA and GDPR technical compliance requirements,” explains Paul Benedek.
Excis has been successfully eliminating gaps between technology and its legal aspects. As a result, Excis has been catering to several global Software as a Service (SaaS) businesses that are trading or starting to trade in the EU and UK. Excis’ expertise extends beyond cloud-based services to include more conventional services. The company’s name features among the industry leaders in data center technology, with more than 20 years of experience collaborating with businesses that host their data in their own or co-located data centers. Their CEO Paul Benedek explains: “A core component of our business is in assisting with complex data protection matters for our multi-award-winning clients in identity, healthcare who offer their services via cloud-based Software as a Service or retail clients who offer omnichannel sales solutions that involve many different areas of data protection, cybersecurity, and interaction. We take special care to explore and understand our customer’s business and products and always strive to assist them in becoming more competitive through compliance.” “Our skills not only reside with cloud-based services but also with more traditional services too. We are data centre technology experts and have over twenty years’ experience of working with organisations who host their data in their own or co-located data centres,” emphasises Paul Benedek.
Furthermore, Excis is also a highly specialised and skilled training enterprise. Since its inception, Excis has empowered many enterprises to develop their own in-house teams by extending privacy and security education, its CISO and DPO services as well as dealing with the privacy and security certifications of their clients. “This is very cost-effective and it substantially reduces our clients’ overall costs of compliance,” states Excis’ CEO Paul Benedek.
One client, Viz.ai, a well-known AI medical device company, approached Excis intending to expand and sell their SaaS solution providing stroke analysis software into the UK and EU. Excis was convinced that a complete review of their business from a NIS and GDPR perspective was necessary to assess their readiness and compliance to expand Viz.ai into the UK and EU markets. “Our approach ensured that Viz.ai was not only compliant but in a position to deal with both customers and regulators who increasingly demand an evident approach to compliance,” says Excis’ CEO, Benedek. Both technical and legal aspects of the client’s cloud platform were assessed to ensure their cyber security and technical measures were implemented, measured, and demonstrated for compliance. “Our review covered their entire data lifecycle, business, and cloud platform. We audited and identified key policy, legal, technical, and process gaps and made recommendations to close them. We then assisted them in implementing recommended solutions to ensure they were compliant when they started selling their products in the EU and UK. Our depth and breadth of coverage included their security and legal compliance, where we also wrote their legal documents for compliance and undertook mandatory risk assessments,” concludes Excis’ CEO, Paul Benedek. Low expenditures, flexibility, and expert knowledge in both legal and deeply technical matters back Excis’ services. The expert team, composed of industry veterans, makes fast response and delivery possible. In addition, the firm’s technical and legal expertise aligns its work in such a way that it can assess and then implement the level of compliance across the entire data lifecycle.