The interactive diagram below allows you to browse the processes we use as a framework to guide organisations towards compliance with the EU’s GDPR or the UK’s Data Protection Acts. The three high-level areas comprise Management Awareness, the Applicability Assessment process and the detailed Services which are available.

Data Mapping
- Review and Audit data flows and perform a mapping exercise
- Establish the ownership of data held by the organisation
- Create a data inventory, in order to develop a data protection program
Legality & Consent
- Provide consent guidance and preparation for scrutiny
- Consent issuance support
- Assistance to demonstrate compliance with the principles of good data processing practices
Data Storage & Retrieval
- Help to provide a framework to organise data in line with requests from data subjects
- Guidance to implement technical controls to help ensure data is updated and / or removed in a way which is compliant with GDPR requirements
Data Privacy Impact Assessment
- Establish the circumstances under which a DPIA becomes a necessity for various organisational processes
- Define the specifics and detail of a DPIA, based on the organisation’s operations
- Plan, train or manage staff to perform Data Privacy Impact Assessments
Organisational Structure
- Guidance on a DPO (Data Protection Officer) requirement for the organisation
- Recruitment support for a DPO requirement, or staff augmentation for the role
- Help establish and reinforce Board level support for GDPR updates
- Establish relationship with the relevant Supervisory Authority for the country of operation
Breach & Security Response
- Review and Audit the organisation’s data flows and perform a data mapping
- Educate key stakeholders and plan accordingly, based on GDPR and Data Protection Act breach reporting requirements
- Reinforce and lead or support testing, to help ensure that the organisation’s reporting capabilities remain appropriate
Securing the Supply Chain
- Formally document all relevant third parties handling PII
- Audit and define the requirements for suppliers as per GDPR
- Advice to amend contracts as required to ensure compliance
Securing PII
- Establish actions to secure the PII held or processed within the organisation
- Provide support with technical infrastructure
- Provide guidance on achieving ISO27001 certification
Our Free 8 Week Data Protection Act Compliance Plan is also available to help guide you through the process.