General Data Protection Regulation (GDPR) - Are you compliant?
From 25 May 2018, new regulations came into force which govern how data must be handled. Compliance is compulsory, and organisations found to be in breach of the regulations may find themselves liable for fines of up to 4% of annual global turnover or €20 million (whichever is greater).
The changes, which apply throughout the EU, have been driven by the ever-increasing amount of information being gathered as a result of technological advances, coupled with an increased awareness among individuals of their right to privacy. Compliance with the new regulations is a challenge which is not to be underestimated. Organisations will need to carry out a detailed review, and fundamental changes may be required of a legal, technological and operational nature.
There is a vast amount of information already within the public domain regarding GDPR. However, interpreting this information and understanding what steps you need to take to ensure compliance can seem like a daunting task.
Fortunately, we have a team of experts on hand to assist you. We have various packages available which we can tailor to the needs of your organisation. If you would like our assistance, please contact us to discuss.
There are many stages to ensuring compliance and we can assist you and your business with every step along the way.
Stage 1: Raising Awareness
We can meet with you and your key personnel to discuss the key changes, raise awareness of the issues and explain what steps should be taken to achieve compliance. This will give you the opportunity to talk through the various issues with us and to ask us any questions you may have.
This will be followed up with an initial letter of advice setting out what steps you should take.
Stage 2: Conducting a Data Audit
Nobody knows your organisation better than you do. As such, whilst we will not carry out a data audit for you, we will provide guidance on how you should go about this and provide a toolkit to assist you with this process.
By producing a detailed record of exactly what data you hold and why, not only will you have evidence that you are taking steps to comply with GDPR, but you will also be able to identify where changes may be required.
Stage 3: Appointing a GDPR team
It is important that certain individuals within the organisation are appointed to implement any changes required and to ensure continued compliance with any policies.
We can also help you establish whether a Data Protection Officer is required.
Stage 4: Reviewing existing policies and contracts
Once you have completed your data audit and appointed a team, we can work with you to review your existing policies and contracts to ensure that they are GDPR compliant. This may include:
- Data protection policy
- Data access request policy
- Data retention policy
- Email policy
- Crisis management plan
- Supplier contracts
- Employment contracts
- Customer contracts
- Data processing agreements
- Transparency/privacy notices
Stage 5: Updating policies and contracts
Once the documents have been reviewed and any potential non-compliance has been identified, we can then work with you to update existing policies and contracts and, if necessary, create new policies where there were none.