GDPR Compliance Process
Includes, but is not limited to, a survey of premises and current IT operating procedures, including:
Risk Analysis, Risk Assessment, Data Privacy Impact Assessment, assignment of a Data Protection Officer within your company, and others.
*Price may vary subject to size of business, current procedures and location.
Highest levels of security
Fully Managed Solutions
Engineers Onsite 24/7
Updating Your Process
Good information handling makes good business sense. We enhance your business practice to further increase the level of trust and reputation, increase customer and employee confidence, and ensure personal information is accurate, relevant and safe.
Accountability is one of the data protection principles - it makes you responsible for complying with the GDPR and says that you must be able to demonstrate your compliance.
You need to put in place appropriate technical and organisational measures to meet the requirements of accountability.
There are a number of measures that you can, and in some cases must, take including:
- adopting and implementing data protection policies
- taking a ‘data protection by design and default’ approach
- putting written contracts in place with organisations that process personal data on your behalf
- maintaining documentation of your processing activities
- implementing appropriate security measures
- recording and, where necessary, reporting personal data breaches
- carrying out data protection impact assessments for uses of personal data that are likely to result in high risk to individuals’ interests
- appointing a data protection officer
- adhering to relevant codes of conduct and signing up to certification schemes.
Accountability obligations are ongoing. You must review and, where necessary, update the measures you put in place. If you implement a privacy management framework this can help you embed your accountability measures and create a culture of privacy across your organisation.
Being accountable can help you to build trust with individuals and may help you mitigate enforcement action.
Your Enhancements Will Include, but are not limited to:
Controllers and Processors – Assess your high-level compliance with data protection legislation. Includes the rights of individuals, handling requests for personal data, consent, data breaches, and data protection impact assessments under the General Data Protection Regulation.
Information Security – Assess your compliance with data protection in the specific areas of information and cyber security policy and risk, mobile and home working, removable media, access controls and malware protection.
Direct Marketing – Assess your business in the area of direct marketing in line with the Privacy and Electronic Communications Regulations (PECR) and data protection legislation. Includes consent and bought-in marketing lists, and telephone, email, text and postal marketing.
*Please note, direct marketing is the promotion of aims and ideals as well as the sale of products and services.
Records Management – Assess your records management procedures and risks to people’s personal information. Includes record creation, storage and disposal, access, tracking and off-site storage.
Data Sharing and Subject Access – Assess your data sharing policies and agreements, compliance monitoring, maintaining sharing records, registration and your process for how to deal with a request for personal data.
Website and Email Management – Assess your hosting compliance, including server host location, SSL certificates, two-factor authentication, backups and storage. Includes email TLS configuration for encryption, data use, management and storage.
CCTV – Data protection law covers the use of CCTV. Assess the compliance of your CCTV systems including the installation, management, operation, public awareness and signage.