How we help you achieve GDPR Compliance
The General Data Protection Regulation (GDPR) comes into force on the 25th May 2018.
At this point in time there is a lot of confusion about what this means for organisations, due to the sheer volume of conflicting, misinformed or simply bad advice that contaminates the good advice and information that is out there.
We offer to help distill the information you will need to approach GDPR in an informed, common sense way and to help you to understand your obligations under this new regulation. Our approach looks to give you a company wide overview of how personal data impacts your business and how you can develop and practically apply Data Privacy Principles to assess, understand and securely control the personal data that you are responsible for.
This is achieved through a number of key steps:
Step 1 – Gap Analysis
This will identify the existing measures that you have in place to protect personal data, and will cover a number of areas including the level of understanding and awareness of personal data throughout your business, where your personal data is kept and how it is used. We will also assess the policies, processes, technical controls, notices and assessments that you have in place to protect personal data, protect the interests of data subjects and demonstrate compliance with the GDPR.
Step 2 – GDPR Compliance
Driven by the findings of the Gap Analysis, you will develop the necessary systems, documentation, processes and controls required to allow GDPR compliance to become part of your day-to-day business. This will include the development of training and awareness programmes, definition of organisational roles and responsibilities, communication mechanisms for data subjects who may request information about their data, and the development of the records necessary to demonstrate legal compliance.
We can provide the consultancy necessary to successfully manage this project, and provide proven methods and techniques to help you achieve your goals much more quickly.
Step 3 – Maintenance
Following the implementation of the necessary systems and controls, ongoing maintenance activities will need to be conducted to maintain their health and relevance. This includes review and audit activities, incident management, monitoring new and emerging threats or new legislation and adapting the business to meet them, change management, and dealing with any contact with data subjects or supervisory authorities.
GDPR compliance is not something that you do once and it stays done. The environment inside and outside of every organisation is constantly moving and changing, and so a compliant system will need to constantly adapt and change to meet new demands. For some organisations this can develop into a specific function within their business; for others it may only require a part-time commitment.
Where resource allocation is a problem, we can provide support services that range from annual audits and assessments, to full Data Protection Officer (DPO) Services. For more information on our DPO Services, please check out our DPO Services Page.
GDPR Compliance Information
For more information on GDPR Compliance and how we may help you successfully meet these obligations, please contact us.
We will be creating a range of posts that will also enable you to better understand these requirements in straightforward, simple terms. If you would like to be notified of any new posts on this topic, we will be giving you the chance to sign up for email notifications. Our signup process will be designed to be GDPR compliant, so please feel free to look through the related content and documentation for tips on how this may help you deal with your own data capture activities.