This web site uses cookies. You are free to manage your cookie settings in your web browser at any time. For more about how we use cookies, please read our data privacy policy.

Data protection control framework

GDPR data protection control framework

Data protection operations framework
Operating and maintaining your GDPR compliant operating framework

When your GDPR compliant operating framework is operational, you will use it to manage, improve, maintain and remediate personal data processing throughout your organisation under the guidance of the framework. You will have the flexibility to run in BAU and kick off focused projects. Whatever your choice, your GDPR compliant operating framework facilitates an orderly transition towards better personal data protection.

The purpose behind implementing your GDPR / PECR compliant data protection framework is so that you can demonstrate a willingness to comply with data protection regulations.

We frequently get asked "what does GDPR compliance mean?". We have the answer, but we cannot claim ownership because it came from the ICO at our request.

To demonstrate GDPR compliance, an organisation must ...

  1. Show respect for the 6 GDPR principles
  2. Have implemented appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this regulation (the GDPR).

If you have implemented a framework based on the 6 principles and you are now operating within the framework, you are compliant. This does not mean that every single piece of personal data held by your organisation has been remediated, it does mean that you now address GDPR and PECR data protection using a compliant framework. The UK Information Commissioner has already stated that GDPR is a journey, possibly without end, so you are allowed to address unresolved GDPR issues as long as you do so within a GDPR compliant framework.


GDPR data protection control framework

What we will do

Risk assess each business area using a standard set of risk indicators

Establish remediation sequencing using the risk results

Perform the remediation using a two step process.

  1. Step one: build the remediation process for remediating the sequenced business areas.
  2. Step two: apply the same remediation process across the rest of the business areas in risk-rated sequence.

What we will deliver

The output of the remediation is a set of detailed artefacts demonstrating:

  • Data classification
  • Process transparency
  • Minimised personal data
  • Data retention and deletion processes
  • Data subject rights processing
  • Proportionate and adequate personal data security
  • An organisation-wide control structure
  • Managed reviews, oversight, monitoring and maintenance
  • Outsourced services, support and tools to keep you compliant

What you get

GDPR data protection control framework

Peace of mind

Our GDPR framework operating model and GDPR / PECR compliant structure enables you and your Directors to answer confidently regarding the personal data you hold:

  • What personal data do we hold?
  • Where is it?
  • For what purposes is it being used?
  • How secure is it?
  • Can I demonstrate GDPR accountability* to the Supervisory Authority (the regulator)?

* GDPR accountability is the ability to demonstrate respect for the 6 GDPR principles and evidence the implementation of appropriate technical and organisational measures.