The General Data Protection Regulation (GDPR) means that companies of all sizes will have to abide by certain rules in how they process and handle personal data, or they may face fierce financial penalties. This regulation supersedes the Data Protection Act, goes live on 25 May 2018 and will apply to all personal data that a company holds.
What does GDPR apply to?
Any personal data. This can be on users, customers, staff, contractors and suppliers.
Why do companies need to be compliant?
- Fines may apply of €20 million or 4% turnover – whichever is greater
- Heavy fines can still be incurred for not implementing aspects of GDPR.
- Clients will be asking their supply chain to confirm they are compliant.
- It will soon be law.
Companies will need to review:
- The legal basis that is used to process personal data.
- Technical and organisational measures on how data is used and secured.
- How personal data flows around the organisation.
- Internal and external policies concerning the use and privacy of data.
- How to comply with requests from users in regards to their rights.
- Staff training and awareness on the use and security of data.
- How Data Protection Impact Assessments are carried out.
- Procedures for dealing with and reporting data breaches.
How we help companies become GDPR compliant
Security with Nick provides a 2-3 day service where he will work with management and key stakeholders in the company to educate them on how GDPR will impact them and what key changes need to be made.
A gap analysis will be performed to understand how the company operates in regards to data use and data security. A report will then be produced to show the areas that need addressing and how.
GDPR also requires the company to perform and maintain certain types of reports, logs, organisational processes and policies. Templates and training for these will be provided.
- GDPR training
- Data flow map training
- Data audit training
- Gap analysis begins
- Reports and templates explained
- Risk management
- Continue data flow maps and audit
Day 3 (off-site)
- Gap analysis completed and report discussed with client.
- Takes place approximately 1 week after day 2 is completed.