Data production and data protection go hand in hand with all the new advances in technology. A large part of data protection is ensuring that the data can be restored quickly after its corruption or loss. The pandemic has caused millions of employees to work from home, thus creating data in heaps. Businesses are made compulsory to adopt to the new technologies of data protection.
Helping companies to adapt to this quickly and protect their data from all kinds of threats is Kerubiel.
In this interview with The Enterprise World, László György Dellei tells us all about how Kerubiel is helping organizations from data reach.
1. Tell us about GDPR Solutions?
Kerubiel is a 100% privately owned company providing services in the fields of data protection, cybersecurity, IT and related infrastructures for entities from Small and Medium-sized Enterprises to national and multinational companies operating in a multitude of sectors. In the last 4 years, our company has become a pool of contributing experts, researchers and other professional whose goal is to assist the client to achieve the highest level of GDPR compliance together with protection against threats in the cyberspace. As an enterprise committed to technological development, Kerubiel also has a strong R&D department participating in various national and international projects.
2. What were the initial challenges you faced?
Data protection and information security counselling is an extremely crowded market these days. Since 25th May 2018, controllers and processors are more conscious about their privacy agenda which trend is further strengthened by fines issued by DPAs, and news flooding the media about data breaches and zero-day vulnerabilities. But there are some factors that may be considered when considering upholding quality and trust toward your clientele, and thus overcome such challenges.
Besides the usual CRM, a company working on the data protection and cybersecurity market needs 2 distinct factors. The first is creativity and openness towards technological as well as legal advances. These areas are constantly and rapidly changing in terms of technology and infrastructure, and the legislative actions. These changes (or challenges) shall be calculated (in some cases foreseen) when one develops complex applications & solutions.
3. How were the first few years of your company?
In 2017, Kerubiel began its operation to provide assistance to a wide range of clients such as financial and insurance companies, as well as governmental organisations, e.g., healthcare providers and hospitals, etc. As its clientele grew, Kerubiel attracted a number of prominent professionals who joined the company, furthermore, a network of contributing and cooperating entities began to unfold around us.
In 2019, Kerubiel decided to widen its operation and began its R&D division. In this regard, the company participates in a number of scientific as well as professional research projects in the field of modern, developing technologies, such as AI or VR. Domestic and international projects provided a unique opportunity for Kerubiel to establish itself as a scientific think tank that continues to venture to emerging areas that may be effectively utilized in everyday operations.
In 2020, the pandemic has brought new challenges to the surface that needed to be tackled with. Cybersecurity and threats in the online environment became the focus of professional discussions and efforts. Thus, Kerubiel decided to strengthen its operations and tools in this respect.
4. What is the reason behind your company’s long-standing success?
Digitisation and client-centred approach. As to the first, digitisation has been on the scene since the establishment of Kerubiel. Originally being a consulting company, digital tools and communication have always been in the centre of operations. Thus, our experts can work parallelly on multiple projects, contact various customers easily and rapidly, and provide our services from home as well as from any remote places.
We believe that the finish line of a project does not mean the end of our support. Leaving the clients behind is always a bad sign. Thus, Kerubiel seeks to maintain a vivid and continuous relationship with its former and current clients as well.
5. What influenced you to start a GDPR Solution company?
The last decade brought data protection and information security issues to the limelight. In the era of data-driven society and economy, effective, lawful and secure management of personal data as well as information is a crucial element for companies. New opportunities and new threats had arisen as new technologies flooded the market and our everyday lives. As these issues became more important standard setting and legislative measures set into motion in a rapid pace. On of the results of this work is the GDPR, the centrepiece of the new European regime for data protection.
One of the main issues in the regulation is the so-called risk-based approach and the importance of integrity and confidentiality of personal data. These issues are the strong testament that the cooperation and coordination between data protection, and information security experts. With decades long experience in these interconnected areas, Mr. László György Dellei decided to establish Kerubiel, in 2017, to merge the expertise from data protection, IT, and information security, and to set up a provider that satisfies the need of the clients via state of the art, efficient, and compliant solutions.
6. What are the products/services the firm focuses on? How are your services different from those in the market?
Kerubiel offers a great variety of services in the fields of data protection and information security. On the one hand, the company is able to cover all aspects of the clients related to GDPR compliance. In this regard, we provide “classic” services, such as GDPR audits, when our staff assesses the compliance of the client’s data processing with applicable legal and practical requirements. In addition to the audit, our specialists provide practical advice and assistance regarding drafting documents (data processing and joint controllership contracts, policies, notices, records, etc.), performing impact assessments (e.g. legitimate interest assessment, DPIAs), and action plans.
Furthermore, Kerubiel may act as either the data protection officer of the client, or – regarding controllers or processors outside the EEA – as a designated EU representative. As a DPO, Kerubiel aim to provide its services in a manner that manifests to the clients that the data protection officer is an economic and compliance advantage rather than a legal necessity. And as a representative, our company assists the controllers (especially in the APAC region) in responding to requests of data subjects, in communicating with DPAs, and records of processing activities.
However, recent years – and especially the pandemic – showed that data protection may not properly function without the efficient security of data. Thus, in addition to GDPR services, Kerubiel also specializes in services such as IT audits and information security counselling (e.g. IT risk assessment, IT security counselling), developing complex cybersecurity systems based on ITIL and AI applications, and counselling on business continuity and disaster recovery plans. In so doing, Kerubiel utilizes IT standards, such as the ISO 27000 and the NIST 800-53 controls assessment.
Recently, the company has been focusing on Cyber Threat Intelligence software systems with Industrial Control System specifics and related services. Kerubiel specializes in threat hunting activities to collect, analyse and utilize data on possible attackers, methodologies, directions, motivations before, during and – in some cases – ex post facto the incident. In other words, we are applying dynamic protective measures to combat possible threats.