The EU General Data Protection Regulation (GDPR) comes into force on 25th May 2018 and will apply to all organisations within the EU and to organisations in non-member states that offer goods or services to EU residents. The UK is committed to GDPR notwithstanding the Brexit vote, and a new Data Protection Bill will be introduced to Parliament this year to pave the way for the new regime.
Whilst in many ways an evolution of the existing data protection laws, the GDPR will profoundly reshape the way that organisations handle data governance because many do not meet the existing compliance standards. GDPR extends and broadens the types of personal data that are protected and increases the rights of data subjects. Data controllers and data processors will have new and substantial obligations to meet, and will be expected to demonstrate accountability for protecting the privacy of personal data.
The potential penalties for non-compliance increase significantly and are intended to be dissuasive. In addition, the regulation codifies the right of individuals to claim compensation for distress and to launch 'class actions' in certain circumstances. Our GDPR Readiness Services provide organisations with an approach to understanding the regulation and their obligations; development of a tailored and prioritised readiness framework; implementation services and programme management; and ongoing data protection support and services. We provide these across four phases, as follows:
Phase 1: Understand: This is the starting point for organisations with limited knowledge of their data protection obligations and of what GDPR means for them. Our services cover awareness training, executive and stakeholder briefings, assessment of your current preparedness for the regulation, and review of your information security regime against best practice.
Phase 2: Define: We define the scope of compliance for your organisation by gathering information about your processing activities and plans, and about the data protection procedures and working practices you already have in place. We then prepare a GDPR readiness framework and programme for your organisation with defined work streams and priorities.
Phase 3: Implement: We work with you to implement the framework and deliver the work streams agreed in Phase 2. We can support and help programme-manage an internal implementation, or we can manage the full implementation process for you. Our services can be provided as consultancy or on a subscription basis, giving you access to knowledge and resource as you need it.
Phase 4: Manage: Having implemented new procedures and working practices, it is important to maintain and operate them as part of an ongoing lifecycle. This helps embed privacy into your culture and prevents the working practices and procedures from falling out of use as your business and key personnel change. We can help you maintain your management framework and assist with your ongoing data protection obligations. Again, our services can be provided as consultancy or on a subscription basis, giving you access to knowledge and resource as you need it.
Data Protection & Privacy
Privacy and data protection have never been more important. Digitalisation and 'digital first' business models and customer experience strategies have made personal data more valuable than ever. Customer engagement is built on trust, and individuals want to know what their data is being used for and why. They also want to control the circumstances in which their data is used to market goods and services to them. GDPR is only one part of the legislative framework. Organisations already need to comply with the Data Protection Act 1998, and many will also need to comply with the Privacy and Electronic Communications Regulations (PECR), which are expected to be replaced once the new ePrivacy Regulation passes into law.
We can help you meet your privacy obligations and implement best practice. Our services cover:
Data protection and GDPR readiness subscription services, including telephone and email support
Out-tasked data protection management
Data protection health checks
Applying data protection by design
Data protection impact assessments (DPIAs)
Privacy notice, policy, procedures and guidance reviews
Subject access request procedures
Information risk management
GDPR & Data Protection Services, September 10th, 2017, Sean Huggett