GDPR Advice & Planning

The EU General Data Protection Regulation comes into effect on 25th May 2018 across the EU. Although the UK is leaving the EU HMG has stated that the GDPR will apply in the UK – as it applies to all organisations processing the data of EU citizens, the likelihood is that any UK company transacting business in the EU which involves processing personal data will have to observe GDPR requirements.

GDPR represents a real step change in data protection practice and compliance across a broad range of areas from enhanced information security requirements, through greater data rights for individuals to improved information management; the penalties for non-compliance with the new legislation are also significantly greater.

The countdown towards compliance has begun and the Information Commissioners’ Office has clearly stated that there will be no “period of grace” – compliance with all aspects of the new legislation will be expected from 25th May 2018.

GDPR is a complex piece of legislation. Many organisations cannot be confident that they comply with the current Data Protection Act 1998 whilst others may find tackling the requirements of the GDPR to be a real challenge, particularly if they lack the specialist knowledge or resources to identify where their current information handling practices fail to meet these requirements or to find solutions which will help them to comply. Even where some internal resources are available, ongoing day to day commitments or the sheer scale of the task involved may suggest that the business would benefit from expert assistance.

The services available include:

  • Asset discovery – identifying what data is held in all forms that pertains to GDPR
  • Risk assessment – identifying all internal policies for data retention coupled with the business justification. This then results in recommendation for ‘data cleansing’ which then leaves the business critical information that needs to comply with GDPR
  • Gap analysis – identify the difference between the current status and the GDPR requirement and produce a clearly articulated plan to become conform with GDPR regulations
  • Implementation – we are able to assist in implementing improved security controls, certification to demonstrate industry best practice (ISO 27001, CE+)
  • Data Protection Officer – we can provide the DPO role on a part-time or full-time basis. This provides an external level of scrutiny and independence that can prove invaluable