The EU General Data Protection Regulation (GDPR) came in to force on 25th May 2018 and applies to all organisations within the EU and to any non-member states that offer goods or services to EU residents.
Whilst in many ways an evolution of the existing data protection laws, the GDPR profoundly reshapes the way that organisations handle data governance because many do not meet the existing compliance standards. GDPR extends and broadens the types of personal data that are protected and increases the rights of data subjects. Data controllers and data processors now have new and substantial obligations to meet, and are expected to demonstrate accountability for protecting the privacy of personal data.
The potential penalties for non-compliance have increased significantly and are intended to be dissuasive. In addition, the regulation codifies the rights of individuals to claim compensation for distress and to launch ‘class actions’ in certain circumstances. Our GDPR Readiness Services provide organisations with an approach to understanding the regulation and their obligations; development of a tailored and prioritised readiness framework; implementation services and programme management; and ongoing data protection support and services. We provide these across four phases as follows
Phase 1: Understand: This is the starting point for organisations with limited knowledge of their data protection obligations and what GDPR means for them. Our services cover awareness training, executive and stakeholder briefings, assessment of your current compliance (gap analysis) for the regulation and review of your information security regime as compared to best practice.
Phase 2: Define: We define the scope of compliance for your organisation by gathering information about your processing activities and plans, Also, on the data protection procedures and working practices you have in place. We prepare a GDPR readiness framework and programme for your organisation with defined work streams and priorities.
Phase 3: Implement: We work with you to implement the framework and deliver the work streams agreed at Phase 2. We can support and help programme manage internal implementation or we can manage the full implementation process for you. Our services can be provided as consultancy or on a subscription basis, providing you with access to knowledge and resource as you need it.
Phase 4: Manage: Having implemented new procedures and working practices, it will be important to maintain and operate it as part of an ongoing lifecycle. This will help embed privacy into your culture and also prevent the working practices and procedures falling out of use as your business and key personnel change. We can help you maintain your management framework and assist with your ongoing data protection obligations. Again, our services can be provided as consultancy or on a subscription basis, providing you with access to knowledge and resource as you need it.
Data Protection & Privacy
Privacy and data protection has never been more important. Digitalisation and ‘digital first’ business models and customer experience strategies have made personal data more valuable than ever. Customer engagement is built on trust and individuals want to know what their data is being used for and why. They also want to control the circumstances where their data is being used to market goods and services to them. GDPR is only a part of the legislative framework. Organisations also need to comply with the Data Protection Act 2018. Many will also need to comply with the Privacy and Electronic Communication Regulations (PECR) and the NIS Directive.
We can help you meet your privacy obligations and implement best practice. Our services cover:
Data protection and GDPR readiness subscription services, including telephone and email support
Data Protection Officer as a Service
Out tasked data protection management
Data protection health checks
Applying data protection by design
Data protection impact assessments (PIAs)
Privacy notice, policy, procedures and guidance reviews
Subject access request procedures
Information risk management
GDPR & Data Protection Services November 6th, 2018Sean Huggett