The EU General Data Protection Regulation (GDPR)
From 25th May 2018 the GDPR will affect every organisation that processes EU residents’ personally identifiable information (PII).
About the GDPR
First proposed in January 2012 by the European Commission and formally approved by the European Parliament in April 2016, the GDPR will supersede national laws such as the UK DPA, unifying data protection and easing the flow of personal data across the 28 EU member states.
The Regulation mandates considerably tougher penalties than the DPA: breached organisations can expect fines of up to 4% of annual global turnover or €20 million – whichever is greater.
Latest GDPR News - 1st March 2018
ZDNet: 2/3 of orgs aren't ready for right to be forgotten. Don't forget GDPR, but remember to forget the people who want to be forgotten!
GDPR Gap Analysis
The GDPR gap analysis service provides a step-by-step assessment of your organisation’s current level of compliance with the Regulation, and helps identify and prioritise the key areas that your organisation must address ahead of May 2018, including:
Data protection governance
GDPR project resourcing
Data protection officer
Roles and responsibilities
Personal data processes
Scope of compliance
Personal information management system (PIMS)
Information security management system (ISMS)
The gap analysis starts at £1,995 for small companies, which includes 1 day of onsite consultancy and the delivery of a tailored gap analysis report.
The outputs of the Gap Analysis would lead to a consultancy support project that includes the following services:
GDPR Data Flow Audit
To obtain an inventory of the personal data held and shared by the organisation and a data flow map of the organisation’s processes.
Data Protection Impact Assessment
An assessment of the data protection risks within organisational processes and a remediation plan to mitigate the risks.
Data Protection Transition
Transition from the old data protection regulations to the new GDPR regulations, including policies, procedures, etc.
These services are quoted on application as the consultancy time required (on site/off site) would be dependent on the scope and complexity of an organisation and its processes.
If you would like more information on GDPR Compliance Services, or to have a free no-obligation discussion with one of our team, get in touch.