GDPR – A Year on
Having helped many of our clients with their GDPR compliance objectives in 2018, our focus going forward has been to provide ongoing GDPR support services that will build upon those initial implementation projects and help maintain and improve compliance.
The GDPR Challenge
For many organisations, the challenge of meeting the new data protection requirements has been quite substantial. Despite all the hard work, there are still concerns regarding the maturity of many of those compliance programmes that were rapidly implemented. There are also concerns that the urgency to introduce changes to comply with GDPR left little opportunity to integrate GDPR-related policies and controls with existing management systems (e.g. ISO 27001), which would help with maintaining and improving compliance.
And of course, there is Brexit. This will mean that the UK becomes a “third country” in the context of GDPR, resulting in further potential GDPR-related considerations, including (but not limited to):
- International data transfers (and the potential for the transfer of data to the UK not to be covered by an adequacy decision, thus resulting in requirements for Data Controllers in the EU to have appropriate data protection clauses with Processors in the UK);
- Appointment of an EU representative within the EEA;
- Privacy notices – reviewing privacy notices to reflect changes to statements regarding international transfers and to identify EU/UK Representatives;
- Records of Processing (RoP) – reviewing the RoP to reflect changes regarding international transfers;
- Data Protection Impact Assessments (DPIAs) – reviewing (and potentially amending) existing assessments in light of the changes.
Time to take Stock
Compliance is not a milestone; it’s an ongoing obligation to ensure that requirements are continuously met.
Teamwork have experienced GDPR experts, providing services internationally. We can tailor our GDPR services to your individual needs in meeting all (or some) of these challenges. Whether you need to assess your current GDPR compliance position, implement a data compliance framework, integrate GDPR into your existing management systems, undertake GDPR and/or information security audits, or test the maturity of your data breach incident response plans, we can help.
Our GDPR Services
- GDPR Gap Analysis
- GDPR Auditing (which can be integrated with your company’s existing audit plans, e.g. ISO 27001)
- Development, issue and review of Supplier (Processor) Security Questionnaires and Supplier (Processor) Auditing
- Support with development of Records of Processing
- Support with Data Protection Impact Assessments (DPIAs)
- BS 10012 (Personal Information Management) Certification
- General Data Protection Consultancy
- Support with GDPR & Data Protection Training
- Support with development of Privacy Notices/Statements
- Development and/or integration of data protection and information security related policies and procedures (e.g. DP Overview, Subject Access Requests, DPIA Procedure, Risk Assessment, Incident Response, etc.)
- Support with Legitimate Interest Assessments (LIAs)
- Support with Data Breach Incident Response Testing
- Information Security Auditing
If you would like to discuss the above, please contact us with a convenient time for one of our consultants to call you.