The GDPR is the General Data Protection Regulation. It serves one purpose: it protects individuals' rights regarding their personal data, balanced against the rights of the organisation holding that data. We need to respect the personal data rights of everyone (including employees) whose personal data we hold. We do this by implementing a set of organisational and technical measures that enable us to better manage and control how we handle personal data and ensure that it is secure. The GDPR requires us to implement a framework that protects the personal data we hold and helps us reduce the risk of costly human error when handling personal data. The GDPR framework: evidences that we are in control, protects the personal data we hold, helps our staff, shows that we care about privacy, builds a defensible position and enables an orderly transition.
What we will do
A GDPR readiness assessment.
We will deliver a standard, template-based GDPR framework implementation.
Policies, standards, procedures, training, best practice and "how to" guides.
You choose: you do it all yourself, we provide guided implementation, we perform the implementation.
The structure and all supporting material are founded on our GDPR framework benchmark model.
What we will deliver
The output of the assessment comprises:
- Governance and policies
- Standards and procedures
- Internal training to "best practice"
- "How to" guides
- Templates for collecting regulatory data
- Implementation consultants or "Do It Yourself" delivery under our periodic guidance
What you get
- Personal data governance
- Policies and standards
- Data Protection Officer
- Operating model
- Third party contracts
- Processes and procedures
- Controller and Processor roles
- Management and control libraries
- Risk Assessment (DPIAs)
- Quality Assurance
- Subject Access Requests
- Security, breach detection and notification
- Records management
- Contract and agreement management
- Training material