The General Data Protection Regulation (GDPR) comes into force on 25th May 2018 and will remain in UK law following Brexit. The current legislation, the Data Protection Act, is out of date and has needed updating following the impact of technological innovations over the last 20 years.
Essentially, the changes will require all organisations to consider how the regulations affect them or whether they do not apply. The latter cannot be assumed, and the reasons why must be demonstrated if required.
There will be some very specific actions required, such as: reviewing the consent you hold to use personal data, as this may need renewing; making sure you know the personal data you hold and where it is; and having a breach incident plan in place, just in case.
Take a look at our online GDPR Handbook as a way of getting your business or organisation ready for GDPR - click here.
Data mapping is a key task in the preparation for GDPR and will help identify the personal data being handled by an organisation; how it flows, and is stored, within existing processes; and whether it is shared with third parties. Once completed, the map will highlight the GDPR issues that need to be dealt with, such as: why the data is held (lawful basis); what is processed (minimisation); how it is stored (integrity and storage limitation); and the risks associated with the data. The image below is a simple visual example.
We can assist you in getting ready for GDPR and enable you to demonstrate that steps have been taken to follow the regulation.
We offer two services:
Getting Ready for GDPR report
The service is delivered on-site and includes GDPR discovery and gap analysis work, which is split into two sections. The first part is an awareness session to go through key areas of the GDPR with senior team members of business functions that come into contact with personal data. This is followed by a series of 45-60 minute meetings with each business function. The on-site work is followed up with a report that will document: the discussions held; gaps to be addressed; and a plan of the work streams and initial recommendations required to prepare for GDPR. The report will be presented during a follow-up meeting.
Online preparation & assessment portal
The portal provides a checklist of requirements for Cyber Essentials, IASME, and GDPR. The questions for these three areas, when combined, will provide you with a framework that can be assessed so that a certificate demonstrating compliance with the Cyber Essentials and IASME standards, and GDPR Readiness, can be issued.
The benefit of our approach is a structured process for dealing with an area that requires action now, one that can give business owners and managers the confidence that they have started the process of getting prepared for a major change in data protection law.
To get started today click here or telephone 020 3880 9554.