The EU General Data Protection Regulation (GDPR) is the new legal framework in the EU that replaces the current EU Data Protection Directive. GDPR will be enforced from 25 May 2018. It is not affected by the UK’s decision to leave the EU. We provide a range of services to assist your business with meeting its GDPR obligations.
Although the regulation does not come into force until next year, organisations must prepare well in advance of its start date to ensure they meet the standards set out in the legislation.
GDPR will introduce fines for non-compliance of up to €20m or 4% of annual worldwide turnover, whichever is greater.
Who does it apply to?
It applies to all organisations established in the EU, and to organisations outside the EU that process the personal data of individuals in the EU.
Any organisation collecting, storing or processing the personal data of EU residents is considered either a data controller (it decides why and how the data is processed) or a data processor (it processes the data on a controller’s behalf).
GDPR is applicable to both data ‘controllers’ and ‘processors’.
What is going to change?
The definition of personal data – The term is given a broader scope: anything that identifies, or contributes to identifying, an individual is included, e.g. name, identification number, IP address, location data, online identifiers, metadata and much more.
Extra-territorial effect – GDPR requirements will apply if you process the personal data of individuals in the EU, regardless of which country you are based in.
Risk-based accountability – This will affect, amongst other things, contracts, privacy notice obligations, risk assessment and record keeping.
Greater liability – For both data controllers and data processors, but particularly for processors, who can now be held directly accountable and have enforcement action taken against them.
How can we assist?
Our consultants begin by holding an EU GDPR Discovery workshop with your business, setting out the obligations of the EU GDPR and building a shared understanding of the personal data your business currently holds and how that data is used for business purposes. We then perform a comprehensive review of your existing compliance against the EU GDPR.
Following this review, we present our findings in a clear, business-level executive report highlighting your current compliance level, short-term recommendations, and a full high-level strategic roadmap for your business to achieve full compliance with the EU GDPR.
Provides an accurate snapshot of organisational readiness to comply with EU GDPR.
Executive-level plan
Highlights current risks and necessary steps in executive-level terms.
Identifies areas requiring immediate attention, and cost-effective remediation solutions, in prioritised terms.
Outlines the key risks of non-compliance if compliance cannot be achieved by May 2018.
Provides a clear high-level plan and roadmap for achieving full compliance.
Supports business case definition and EU GDPR remediation planning.