The General Data Protection Regulation (GDPR) came into force on 25th May 2018 will remain in UK Law following Brexit. The new UK legislation, Data Protection Act 2018, became law on 23rd May 2018 and was in need of updating especially following the impact of technological innovations over the last 20 years.
Essentially, the changes require all organisations to consider how the regulations affect them.
There are some very specific actions required such as: - reviewing the consent you hold to use personal data as this may need renewing; making sure you know the personal data you hold and where it is; and, in particular, ensuring that you have all the necessary policies developed and in use.
Take a look at our online GDPR Handbook as a way of recording and demonstrating how your business complies GDPR and the new DPA2018 - click here.
Data mapping is a key task in the preparation for GDPR and will help identify the Personal Data being handled by an organisation; how it flows, and is stored, within existing processes; and if it is shared with third parties. Once completed, the map will highlight the GDPR issues that need to be dealt with such as: - why the data is held (lawful basis); what is processed (minimisation); how is stored (integrity and storage limitation); as well as the identification of the risks associated with the data. The image below is a simple visual example.
We can assist you in getting ready for GDPR and enable you to demonstrate that steps have been taken to follow the regulation.
We offer two services: -
Getting Ready for GDPR report
The service is delivered on-site and includes GDPR discovery and GAP analysis work which is split into two sections. The first part is an awareness session to go through key areas of the GDPR with senior team members of business functions that come into contact with personal data. This is followed by a series of 45-60 minute meetings with each business function. The onsite work is followed up with a report that will document: - the discussions held; gaps to be addressed; and a plan of the work streams and initial recommendations required to prepare for GDPR. The report will be presented during a follow-up meeting.
Online GDPR Handbook
We have developed an online Handbook as a framework for businesses and organisations to use a single point of reference for all their GDPR documentation both in preparation for the new law but also for on-going compliance recording.
The Handbook comprises 7 sections with over 40 documents including templated polices, spreadsheets for creating inventories and other documents for internal use. The Handbook requires further content to be added by each individual business or organisation.
The benefit of our approach is the structured process to dealing with an area that requires action now and can provide business owners and managers with the confidence that they have started the process of getting prepared for a major change in data protection law.
To get started today click here or telephone 020 3880 9554.