Ongoing Projects
FINBANK - CYBERSEC CONSULTING - ONGOING SUPPORT
IVORY COAST - CYBERSECURITY AWARENESS TRAINING - LEADERS IN FINANCE INDUSTRY
SCHEDULED - JANUARY 17, 2025
SECSENI - NEW PROJECT DEVELOPMENT - COMING SOON
Completed Projects
Data Protection Compliance & Cybersecurity Frameworks
1. CHUK Hospital - GDPR & Law 058/21 Compliance
Project Overview:
CHUK (Centre Hospitalier Universitaire de Kigali) is one of Rwanda's largest hospitals, responsible for protecting sensitive patient data. I worked closely with CHUK to ensure their compliance with GDPR and Rwanda’s Law 058/21 on Data Protection.
Key Actions:
Conducted a comprehensive gap analysis of their existing data protection practices.
Developed and implemented data protection policies aligned with both GDPR and Law 058/21.
Provided employee training on data handling and privacy, ensuring compliance across all hospital departments.
Helped establish a robust data protection framework for sensitive patient data.
2. Norrsken Africa - GDPR Compliance
Project Overview:
Norrsken Africa, an innovative hub for tech and social impact ventures, required assistance in becoming GDPR-compliant to ensure their data handling practices met international standards.
Key Actions:
Conducted a detailed assessment of their data processing activities.
Updated and implemented GDPR-compliant privacy policies and data subject rights procedures.
Provided hands-on training to Norrsken's staff to raise awareness and promote data protection best practices.
Ensured that all third-party contracts met GDPR requirements.
3. SKOL Brewery - GDPR Compliance
Project Overview:
As a leading beverage manufacturer in Rwanda, SKOL Brewery handles large amounts of customer data, requiring compliance with international data protection laws. I helped SKOL achieve compliance with GDPR to protect both employee and customer information.
Key Actions:
Reviewed SKOL’s existing data protection policies and procedures.
Conducted a privacy impact assessment and implemented GDPR-required safeguards.
Trained SKOL employees across different departments on data protection principles.
Developed and implemented data subject access request (DSAR) procedures.
4. École Belge - GDPR Compliance
Project Overview:
École Belge, an international school based in Kigali, needed to comply with GDPR to protect the personal data of students, parents, and staff members.
Key Actions:
Conducted a data inventory and mapping to identify where sensitive data was stored and processed.
Implemented GDPR-compliant data handling procedures, including explicit consent mechanisms.
Provided training for staff on GDPR compliance and data subject rights.
Established data retention and deletion policies aligned with GDPR standards.
5. Finbank - ISO 27001 Compliance
Project Overview:
Finbank, one of Burundi’s leading financial institutions, engaged me to assist in their journey towards ISO 27001 certification. My work focused on ensuring that their information security management system (ISMS) met international standards for protecting sensitive financial data.
Key Actions:
Conducted a full audit of their information security practices.
Developed and implemented an ISMS to align with ISO 27001 standards.
Led the process of risk management, identifying vulnerabilities and mitigating potential security threats.
Assisted with staff training on ISO 27001 principles and practices, and conducted mock audits to ensure readiness for certification.
6. Gestion CIGA - PIPEDA & ISO 27001 Compliance
Project Overview:
Gestion CIGA, a company operating in Canada, required compliance with PIPEDA (Personal Information Protection and Electronic Documents Act) and ISO 27001 to safeguard their client and business data.
Key Actions:
Performed a comprehensive data privacy audit to identify PIPEDA compliance gaps.
Developed and implemented PIPEDA-compliant data protection policies and procedures.
Conducted risk assessments and implemented an ISO 27001-aligned ISMS.
Provided training on data protection regulations and helped staff understand their responsibilities under both PIPEDA and ISO 27001.
7. Other Security Frameworks: COBIT & ISO 27001
Beyond specific regulations like GDPR and PIPEDA, I have also worked with companies to implement industry-leading security frameworks such as COBIT and ISO 27001 to enhance overall cybersecurity resilience.
Key Actions:
COBIT: Developed IT governance frameworks to ensure strategic alignment of IT processes with business objectives, risk management, and performance monitoring.
ISO 27001: Implemented information security management systems (ISMS) for several clients to meet ISO 27001 certification requirements, securing sensitive data and improving overall security posture.
Why Choose Me?
Expertise in Data Protection Laws: I specialize in a wide range of data protection regulations such as GDPR, PIPEDA, Law 058/21, and frameworks like ISO 27001 and COBIT.
Proven Track Record: I’ve successfully helped organizations across Africa and Canada achieve compliance and improve their cybersecurity resilience.
End-to-End Support: From policy development and implementation to employee training and ongoing support, I offer a comprehensive approach to data protection and cybersecurity.
"David’s proactive approach and attention to detail ensured that our systems are more resilient, and our team is more aware of potential threats. His dedication to tailoring solutions to our specific needs was outstanding. I highly recommend David for his professionalism, technical knowledge, and commitment to delivering exceptional results."
— Kesh Smith,
CEO of ACUBIC LAB.
★★★★★
Services
Tailored cybersecurity services for individuals and businesses.
Cybersecurity awareness training and phishing attack simulations.
CISO as a service.
Languages:
French & English
Contact:
Mob: +1 438-978-0268
Email: david@DTUYO.com
© 2024. All rights reserved.