GDPR comes into effect on 25th May. Are you ready?
The effect of GDPR on any business which handles personal data is significant. It will have an impact across many different areas, from strategic decision making and governance right through to marketing and customer communications.
We know there are many businesses out there which don’t yet feel prepared for GDPR and, while time is short, it’s still not too late to make sure your firm is GDPR ready. Wherever you are on the cycle – just starting out, preparations in progress, almost ready for implementation or looking for post-implementation verification – we can help. There’s even a GDPR toolkit of key documents which we’ve built to support a firm’s governance and processes.
Support and advice
Over the past months we have been helping firms to work through how GDPR will impact them and what practical steps they need to take to comply. Implementing GDPR is a process and we are ready and able to support you at every stage or just where you need additional support and resource.
1. Understanding the Regulation
Initial training and awareness – aimed at firms which need to improve their understanding of GDPR. In our training and discussion session we’ll provide you with an overview of the requirements and obligations of GDPR. Output from this session will be a high level action plan identifying the key stages in implementation.
2. Mapping your data
In order to identify the specifics of what you need to do to comply with GDPR, you’ll first need to map your data. Using the ICO template we will provide advice and support so you can answer key questions such as:
- What data do you gather, hold and process?
- How much is special categories of data (formerly ‘sensitive data’)?
- Who accesses it and in what locations?
- Where and how is it held?
- What do you use it for?
- Where did it come from and what permissions do you have to use it?
- How recent is it and how accurate?
3. GDPR readiness/gap analysis
Once your data is mapped we will work through a readiness/gap analysis with you. This is a detailed, operational analysis of your firm’s readiness to comply with the requirements and obligations of the GDPR. The analysis flags gaps and helps drive an action plan so you can target key risks and identify next steps; this process will also help you to assess what resources you may need to address any issues.
4. Advice, support and guidance
Our support includes access to a GDPR specialist to provide help and advice across the project from completing the data mapping through to creating your project plan and implementing actions.
5. GDPR toolkit
As part of our service we can provide a GDPR toolkit for firms to personalise. The toolkit covers key items such as:
- DPA Policy plus supporting processes and registers for each of the following:
  - Right of access
  - Right to rectification
  - Right to erasure
  - Right to restriction of processing
  - Right to object
- Client privacy notice
- Template marketing consent
- Template just in time notice
Senior staff – We can provide specific training for decision makers and those with oversight and operational control to provide clarity about what responsibilities look like for senior staff and how these should be allocated and managed.
Operational staff – This training is aimed at those staff whose day to day activities are affected by GDPR, looking at the impact of the Regulation from a more role-specific, activity-orientated perspective.
Bespoke training – Training tailored to the specific requirements of your business – including tailoring training for operational staff to reflect the firm’s own GDPR processes.
7. Pre and post-implementation assessment
If you feel your business is there or thereabouts, but you would value an independent view, we will conduct a verification visit to check that the processes you have in place are sufficient to meet the requirements and obligations of GDPR. This also gives you the chance to raise any issues you may have and get a specialist view.
On an ongoing basis, we will be offering six-monthly and 12-monthly post-implementation visits to evaluate how well controls and processes are working in practice and to assess future plans and developments where these might be impacted by GDPR.
8. Provision of an outsourced service
Whether you require support with the function of the Data Protection Officer (DPO) or you simply need access to an external resource to support your business, we can provide advice and assistance.
For more information about our services or to discuss how we can support your business to comply with GDPR please contact us on 020 7436 0630 or email: firstname.lastname@example.org.