The GDPR (General Data Protection Regulation) is the biggest change in data protection in over a generation, GDPR is not only about IT system security, it is a culture and data security journey to where the data subjects have full control, and clear visibility of their data during the full data lifecycle. The organisation involved must document and demonstrate their data processing policies/procedures, as well as continue to ensure they use up to date “state of art” data security based on the data risks during the data processing lifecycle and the GDPR project needs to include a review of the following: –

  • Technical and organisational protection measures, including documenting how you will comply with the principle of “data security by design and by default” at all times.
  • The need for a Data Protection Officer in some cases.
  • Personal data – an expanded definition
  • Responding to subject access, these need to be responded to within 1 month and at zero charge.
  • Managing consent and acting transparently to the data subject at all times.
  • Mandatory breach notifications to the data commissioner.
  • New customer and employee, terms and conditions/engagement documentation.
  • Commercial risk because of the possible data commissioner fines of up to 20million or 4% of global turnover whichever is higher, data subject legal action for material and non-material damage and reputational damage.

We can help you with the following either on an Ad-hoc or fully outsourced basis:

  • Presenting full details of GDPR to the most senior members of the organisation to make them aware of their responsibilities with regards to GDPR;
  • Assess the physical and data system for compliance to existing data protection act compliance and recommend any changes required to be GDPR compliant;
  • Building a roadmap for implementation of appropriate regulatory and compliance architecture;
  • Ensuring your data risk management is integrated into your overall risk management structure;
  • Assisting you with performing data flow mapping;
  • Building compliance and notification processes;
  • Assisting you with conducting Data Privacy Impact Assessments (DPIAs);
  • Internal and external vulnerability annual, 3monthly, monthly scans as required based on the data risks;
  • Helping you develop a data breach response action plan;
  • Helping you develop a subject access request process;
  • Assessing and providing your organisation’s data protection training needs,
  • Keeping the organisation updated with the latest threats and advise any changes as “state of art” and threats develop to ensure ongoing compliance,
  • Engage with your customers and or the data commissioner as your data protection officer to provide assurance to you internal and external data stakeholders,
  • Performing independent reviews of existing GDPR plans.