GDPR Compliance
How to Become GDPR Compliant
Keep up to date with
The UK General Data Protection Regulation
GDPR (Data Protection Act 2018) requires all organisations (large and small) to adhere to its regulations and key principles when processing data that is considered to be about a ‘natural person’ (Note – Brexit has made no difference to this).
In reality, this impacts all organisations that have employees, customers and suppliers that are EU citizens, including those organisations based outside of the EU. UK GDPR presents a real risk to all organisations due to the nature and size of the financial penalties and also the reputational damage associated with non-compliance.
You can arrange a free consultation with one of our Data Protection Officers. We will discuss what is required and how you can become fully compliant with the law.
Our UK GDPR Self-Assessment tool enables you to assess your compliance with the law. If you aren’t fully compliant, we can assist you to become so and provide you with the necessary documented evidence required.
How do we Assess Your Compliance?
Our certified UK GDPR consultants meet with your team to audit your current level of compliance.
We do this by attending your office location and reviewing how you currently process personal data. We assess what compliance framework is already in place and and how this aligns to your legal requirements under the UK GDPR (Data Protection Act 2018 ,UK).
This is then documented in a detailed audit report that provides you with a clear understanding of what your UK GDPR compliance framework needs to comply with the law.
These meetings focus on:
What have you done to date to comply with the UK GDPR? What is your approach to privacy management?
We will need to understand your overall approach to data privacy management and adherence to data protection key principles.
It is important to understand the general culture and how you process personal data. We also need to understand your general approach to risk management and, crucially, the security of that processing – are you keeping the data safe?
We document your current compliance status and adherence to all of the main articles of the UK GDPR.
We need to have a detailed understanding of how you process personal identifiable information (PII).
It’s vital to discover the full details of your current processing of personal identifiable information (PII).
We need to identify and evaluate the level of risk exposure and how we can enable you to mitigate those risks whilst demonstrating an effective but pragmatic level of UK GDPR compliance.
Our expertise in digital data management systems complements our legal skills to provide you with an all-round risk assessment of the processing of personal data. This combination of skills and experience is a significant differentiation in value that Data Privacy Services provides in this sector.
What policies and procedures are in place? What data privacy governance is established?
You must be able to demonstrate compliance with the UK GDPR (Data Protection Act 2018, UK).One of the key ways to achieve this is to have the correct polices and procedures in place. We advise on any gaps in documentation and how these documents effectively demonstrate compliance.
For an additional fee, we can also provide you with bespoke written documentation that is developed to meet any specific requirements that you may have (e.g. Incident Management Plan).
Are you training your employees? Are you communicating your Data Protection approach?
We assess how you are currently training your team and communicating with them regarding their own rights as ‘Data Subjects’ as well as their obligations within the workplace.We also review your overall communications, especially with third parties, so that you collectively demonstrate compliance (e.g. your controller to processor relationships).
Note – we can also provide a range of training courses to enable your organisation to demonstrate how it meets this key area of compliance.
A DPO you can trust
What is the output of the UK GDPR compliance audit?
The output is a clear understanding of what you need to do to improve your level of UK GDPR compliance. This is documented in a detailed compliance audit report together with a list of actions that are required.
Our audit report provides you with a full overview of what you need to do to improve your level of compliance with the UK GDPR (Data Protection Act 2018). We call this the ‘compliant framework’. The report includes a high-level action plan for all of the activities required.
All the advice and support you need
Delivering UK GDPR Compliance
Our team of professional accredited UK GDPR consultants and DPOs can assist your organisation to achieve full compliance.
We provide a range of UK GDPR compliance delivery services to assist your organisation to build the compliance framework (as proposed within our UK GDPR Compliance Audit Report). We also help you to prepare and manage incidents and data subject access requests (see our DPO as a Service).
Typically, we can deliver a high level of compliance within a fairly short-term engagement. This obviously depends upon the size and complexity of the data processing. However, our in-depth compliance delivery experience will significantly fast track the process.
