UK Data Protection / EU GDPR Compliance Framework

The interactive diagram below lets you browse the processes we use as a framework to guide organisations through becoming compliant with the EU’s GDPR or the UK’s Data Protection Acts. The three high-level areas comprise Management Awareness, the Applicability Assessment process and the detailed Services which are available.

Data Mapping

  • Review and Audit data flows and perform a mapping exercise
  • Establish the ownership of data held by the organisation
  • Creation of a data inventory, in order to develop a data protection program

Legality & Consent

  • Provide consent guidance and preparation for scrutiny
  • Consent issuance support
  • Assistance to demonstrate compliance with the principles of good data processing practices

Data Storage & Retrieval

  • Help to provide a framework to organise data in line with requests from data subjects
  • Guidance to implement technical controls to help ensure data is updated and / or removed in a way which is compliant with GDPR requirements

Data Privacy Impact Assessment

  • Establish the circumstances under which a DPIA becomes a necessity for various organisational processes
  • Define the specifics and detail of a DPIA, based on the organisation’s operations
  • Plan, train or manage staff to perform Data Privacy Impact Assessments (DPIAs)

Organisational Structure

  • Guidance on a DPO (Data Protection Officer) requirement for the organisation
  • Recruitment support for a DPO requirement, or staff augmentation for the role
  • Help establish and reinforce Board level support for GDPR updates
  • Establish relationship with the relevant Supervisory Authority for the country of operation

Breach & Security Response

  • Review and Audit the organisation’s data flows and perform a data mapping
  • Educate and plan key stakeholders, based on GDPR and Data Protection Act breach reporting requirements
  • Reinforce and lead or support testing, to help ensure that the organisation’s breach reporting capabilities remain appropriate

Securing the Supply Chain

  • Formally document all relevant third parties handling PII
  • Audit and define the requirements for suppliers as per GDPR
  • Advice on amending contracts as required to ensure compliance

Securing PII

  • Establish actions to secure the PII held or processed within the organisation
  • Provide support with technical infrastructure
  • Provide guidance on achieving ISO27001 certification

Our Free 8 Week Data Protection Act Compliance Plan is also available to help guide you through the process.