During the GDPR Discovery phase we conduct a broad-brush data discovery exercise across the entire business so that you become aware of all the types of data used, how and where it is held and who it describes and who it is shared with externally.
During a Gap Analysis of your current processes, we identify risks of potential breaches where fines could be incurred, advising you where processes need to be better aligned with the GDPR requirements.
A bought-in DPO service for 1 – 5 days pcm could ensure that your GDPR business risks are understood and managed to minimise compliance risks, dependant upon your current situation, business area and number of employees.
Some key takeaways from a discussion earlier this week were: Conduct a data inventory and document ALL data flows. Confirm ALL data hosting locations, for live and back-up systems. Confirm residences and nationalities of data subjects. Assign cross-boarder policies. Monitor actively cross boarder data flows – with software tool. Prepare a plan of action with […]
Stage 2 – Describe the Information Flow Here you should focus on the processes to be directly impacted by the proposed changes. The flow needs to be documented in sufficient detail to ensure a good understanding of how it is intended to collect, store, use and delete the personal data. This means describing which human […]
There are the 5 key stages to a DPIA and we’ll cover the details for each stage in a new post on the subject. Stage 1. Identify the need for the DPIA. The answers to the questions below will quickly justify the need for an assessment. Will the proposed project involve: collecting new personal data? […]
Easier said than done……larger companies will benefit from deploying an application like One Trust which will enforce a structured approach and a auditable trail of the changes over time. Smaller companies might consider a DIY approach which can be successful as long as a nominated detail conscious, documenting individual is made responsible for data privacy […]