The General Data Protection Regulation (GDPR) came into effect on the 25th of May of 2018. In parallel, the United Kingdom passed the Data Protection Act 2018, our localised version of the legislation.
If you process the personal data of EU citizens, then you are required to comply with this legislation. Unfortunately, there is currently no approved certification scheme which can indicate an organisation's compliance.
The biggest challenge organisations face in implementing the GDPR is first obtaining a clear picture of how and why they process personal data. It's vital organisations have a solid handle on how they use, share, store and gather such data. Without solid foundations, it can become a near-impossible task to ensure elements such as privacy notices, policies and safeguards are accurate, appropriate and effective.
How well does your organisation understand and control its processes? Are they mapped and formally documented? Do you maintain a register of personal data being processed? Is this regularly reviewed and updated? How are new processes and projects assured for their privacy and security?
Our team can help demystify implementation and lighten your workload.
How we can help...
Review and audit - Are you about to embark upon a GDPR programme? Would you like to verify the effectiveness of your existing framework?
Our experienced auditors can provide an independent review of your current privacy posture, detailing opportunities for improvement.
If you are preparing to implement the GDPR within your organisation, we can detail a road map for implementation vs your current readiness and infrastructure.
Process mapping and data landscaping - A key first step in protecting data is understanding how it is being used and processed.
Our experienced team can audit your organisation's processes, creating detailed documentation and asset inventories.
In completing this work, you will gain a clear picture of how data is being processed (collected, stored, shared, organised, deleted). This foundation allows your organisation to create accurate privacy policies, notices and procedures. Furthermore, you can begin to examine the risks surrounding the data you process and how best to protect it.
Implementation - Our experienced team can help implement your GDPR privacy programme. We can accelerate and bootstrap your framework with our expertise, experience and tools.
Areas we can assist with include:
Awareness training - Ensuring your staff are aware of their obligations and duties with respect to privacy and the new legislation.
Process mapping and your lawful basis for processing data - Practical help with auditing and documenting your processing activities, as well as defining their legal basis.
Managing consent - If you market electronically, you will need to consider not just the implications of the GDPR but also PECR (the Privacy and Electronic Communications Regulations). We can help you to understand the best practice use of consent as a lawful basis for processing.
Breach and incident response procedures - To allow you to comply with the new 72-hour reporting window and record incidents effectively.
Data protection impact assessments - If you process special category data, you should conduct a data protection impact assessment (DPIA). The purpose of a DPIA is to identify and consider how to mitigate the risks associated with processing such data. We can help with conducting such assessments and any remediation requirements.
Data protection by design - We can help you put in place policies and procedures to ensure new projects and processing activities are considered for their privacy risks prior to going live.
International transfers - We can help you identify data being transferred across international / legal boundaries. We can work with you to ensure such transfers align to current legislation.
Upholding individuals' rights - We can help prepare you to meet the requirements of the eight privacy rights now available to individuals, for example the right of access, commonly referred to as a subject access request (SAR).
Creating privacy notices - To ensure you comply with the right to be informed, we can assist in determining when and where you need to display notices and assist with their construction.
Supporting documentation - As part of any consultation we can create policies, procedures and documentation tailored to meet the specific needs of your organisation in its context.