Understand your GDPR compliance requirements
Our data protection consultants will assess your organisation’s privacy management and data protection practices through an on-site review of the following areas:
- Data protection governance – the extent to which data protection accountability, responsibility, policies and procedures, performance measurement controls, and reporting mechanisms to monitor compliance are in place and operating throughout your organisation.
- Risk management – your organisation’s arrangements for privacy risk management, the extent to which information-specific risks are incorporated into corporate risk management, and the extent to which risks to the rights and freedoms of data subjects are addressed.
- GDPR project resourcing – the extent to which your organisation has implemented an appropriately staffed, funded and supported GDPR compliance programme.
- DPO (data protection officer) – whether your organisation is required to appoint a DPO, whether one has been appointed and, if so, whether they meet the Regulation’s requirements.
- Roles and responsibilities – the extent to which your organisation has defined and established appropriate roles and responsibilities, and delivered appropriate training and awareness.
- Scope of compliance – whether your organisation has clearly defined the scope of its GDPR compliance, taking account of all data processing in which it has a part, whether as data controller or processor, as well as any data sharing.
- Personal data processes – the extent to which each of the GDPR’s data processing principles is established for each process that involves personal data, whether a lawful basis for processing has been identified and documented for each, and whether a DPIA (data protection impact assessment) is mandatory under the Regulation.
- PIMS (personal information management system) – whether your organisation has implemented a PIMS that documents its GDPR compliance, and addresses staff training and awareness.
- ISMS (information security management system) – whether your organisation has implemented an ISMS to meet the GDPR’s requirements for “appropriate technical and organisational measures” in order to ensure the security of the personal data it processes.
- Rights of data subjects – the processes your organisation has implemented to facilitate and respond to data subjects exercising their rights under the GDPR.
What to expect
A GDPR specialist will interview key managers and perform an analysis of your existing data protection and privacy arrangements and documentation.
Following this, you will receive a gap analysis report of the findings. The report outlines the areas of compliance and improvement, providing further recommendations for the proposed GDPR compliance project.