Business & Technology Risk Partners
- GDPR and Data Protection
Expert advice and support.
General Data Protection Regulation (GDPR) readiness
The GDPR should be seen as evolution in data protection and not as a burdensome revolution. The main change is your organisation will need to be able to evidence much of what you probably do already.
We work with you to understand where you are on your GDPR journey and help you to sort out the fact from the fiction. This will allow you to develop a clear plan and communicate its importance to your senior stakeholders.
Our approach to working with you is flexible and we can offer as much or little support as you need. For example, this may be a regular heath check of your progress around GDPR to get an independent view and make sure you’re on the right track, or we can help out with some of the more detailed activities needed to understand what personal information you hold, what it is used for and who it is shared with.
Personal information audits
A key aspect of GDPR under Article 30 is keeping a record of your processing activities. Organisations are approaching this in many different ways with widely varying cost and resource implications.
We will work with you to decide the approach that works best for you, and also supports the requirements for detailed data retention records and the data protection by design principle under the GDPR.
Data protection policy and procedures
Having clear, practical policies and procedures is essential to raising the profile of data protection in your organisation. Detailed procedures around dealing with data breaches and subject access requests will help to make sure you can comply with the reduced timeframes from reporting and responding to data subjects under the GDPR.
We can work with you to review your existing data protection policies and procedures and make sure they are ready for the GDPR.
Data privacy impact assessments
The GDPR requires organisations to formally consider the impact on individuals when implementing any new technologies or new processes that require processing of personal information. If it is decided there is a high risk to the rights and freedoms of individuals then a data protection impact assessment must be performed.
Our experience in change delivery and internal audit means we can work with you to undertake data protection impact assessments and come up with action plans including mitigating controls to reduce impacts of any risks identified by the assessment.
Data protection training and awareness
The key message of GDPR is to make people aware of their rights around protecting their personal information. Training and general GDPR awareness campaigns within your organisation is essential to achieving these goals.
We offer on-site GDPR training and awareness sessions. This can include
- Training for all staff on the background of the GDPR and the implications to them.
- Training for the nominated Data Protection Officer and their team, highlighting the processes they have to follow such as subject access request management.
- Training for senior management on their obligations and the requirements of a GDPR implementation project.
All our courses are tailored to reflect your organisation and the key messages that need to communicated.
