Are you GDPR ready?

It may seem like an easy or straightforward question, but are you ready for GDPR?

Most businesses will say “yes”, but is that true, and how can you prove it? One of the key principles of GDPR is being accountable and demonstrating your preparations to date.

It’s not until a client asks, or a tender opportunity comes along and asks if you are GDPR ready that you give it proper thought – and that’s when our privacy specialists are on hand to reassure you on your compliance efforts, or show you areas you need to improve on to be “ready”.

Call us today and we will show you how “ready” you are – and provide you with an independent report confirming your efforts so far.

Our report could be the key to you winning that contract…

How do we determine you are “ready”?

Privacy is an on-going effort, so it is difficult to draw a line in the sand and tell a company they are “ready”.  However, our data protection experts are able to quickly identify areas of your business that require attention to demonstrate you have taken all reasonable steps – and we follow a procedure to achieve this.

Conduct a data audit across your business
Learn what personal data you have in the business and where it is. If this has already been done, then we will review the findings of your audit and look to see what remediation efforts have been implemented. This will be key to understanding how ready you really are.

Individuals’ Rights
Ensure your business is able to recognise a data subject request and knows how to administer it within the appropriate timescales. Failure to administer these on time constitutes an immediate failure to comply with the legislation, so this is an easy area in which to slip up.

Staff training
Regularly scheduled staff training sessions are essential to ensure a privacy culture is maintained at all levels of the business. The ICO have recently stated training is a critical element of a privacy culture.

Establish a legal basis to hold the personal data
You need a legal basis to hold any data in the business. If you’ve not considered this, how can you determine you have a right to hold any personal data?

Conduct appropriate due diligence on your supply chain
A non-compliant supply chain can render you non-compliant by default. As a data controller, you are liable for the conduct of your supply chain – be responsible and ensure they are acting appropriately.

Breach Procedures
Do you have specific procedures in place to identify and recognise a data breach when it happens? Do you know the definition of a data breach and the conditions in which you need to report it to the Information Commissioner’s Office?

Data Protection Officer
Some businesses are required by law to have a DPO provision. Do you fall into this category? This role must be assigned carefully within the business – otherwise it could be a conflict of interests.

Transparency of Processing
Ensure all your policies and procedures reflect the processing activities of the business. Transparency is a prime element of GDPR – and an essential area to cover.

Data Privacy Impact Assessments (DPIAs)
Assessments to gauge the risk to personal data posed by new processing activities. These are a legal requirement in many instances.

Data Transfers
Does the business transfer data outside the UK? Where to, and is this transfer detailed in your data sharing agreements? In the event of Brexit, it is essential this is known about and accurate.

While you are not expected to have completed all these steps to be considered “ready”, you should at least have a plan in place that schedules these tasks over a period of time, and your activity to date should mirror the earlier tasks on the plan.

Our specialists can provide whatever guidance you may need in relation to this project – whether that be hands-on, or remote support.

How much will it cost to be GDPR “ready”?

This depends on the size of your business, the complexity of your processing activities and your preparations to date.

Without knowing specific detail on your business, it’s impossible to know, but our fees for our specialist privacy team are competitive at £125 per hour, per consultant.

Being “GDPR ready” is a challenging scenario and one that many companies (wrongly) claim, to their detriment when engaging with new clients or prospects.

Professional guidance from our privacy specialists will put you ahead of these companies, giving you the confidence to reassure your clients and prospects that your GDPR preparations are progressing and you are able to demonstrate a maturing level of compliance – you are as “ready” as you can be at this stage.

Just remember - our privacy team is on hand to support your business growth.

 

 

Why choose us?

Click here to find out why we are the UK’s #1 privacy consultancy.

 

How much will this cost?

Our pricing structure is simple, straightforward and highly competitive. Head over to our pricing page and take a look at our most popular packages.

 

What next?

Get in touch via our contact us page, tell us about your business and a member of our team will get back to you.

 

Other services you may be interested in from PRIVACYHELPER

 DPO services

We offer DPO packages to suit your business needs – from a basic advisory service for smaller businesses to integrating ourselves within the operation of larger businesses.


 GDPR Consultancy

Our Privacy Team consists of expert data protection consultants in the fields of IT & Technical, Legal, Records Management and Marketing.


 Training

An effective, demonstrable training programme can be the difference between the ICO imposing monetary fines – or not, even if your data privacy programme has just started.
