COMPLIANCE ASSESSMENT

A Comprehensive end-to-end solution for assessing your GDPR Compliance.

Our purpose is to reduce the burden experienced by your organisation when complying with Data Protection laws such as the GDPR, leaving your resources free to continue concentrating their efforts on supporting the business as usual whilst progressing towards and/or maintaining GDPR compliance.

We can provide a comprehensive end-to-end solution for assessing your GDPR compliance:

  • Ongoing staff training and awareness programmes designed to improve procedures and help mitigate data breaches.
  • Data Protection Impact Assessment (DPIA) services that discover, categorise and define the personal data stored within your organisation.
  • On-demand outsourced Data Protection Officer resources that cover the statutory requirements, but also ensure that your organisation maximises the return on its investment in Data Protection.
  • ‘Local representative’ services to non-EEA data controllers and processors that require representation within the EEA (if required).
  • Access to practical advice on how to address specific privacy and data protection issues as they arise.
  • Support to help you manage the technical, investigatory, reporting and public relations activities that surround a breach situation, aligned with the 72-hour response period.
  • Cyber Essentials Plus – The Government’s preferred Cyber Security accreditation for SME businesses. If a greater degree of compliance is required (e.g. ISO 27001), we have associations with many of the country’s leading security firms and can recommend a suitable partner.

We deliver experience, knowledge and enthusiasm, assisting organisations of all sizes and levels of complexity to identify and address the ever-growing number of issues brought about by Data Protection and associated legislation such as PECR.

We provide you with all the resources you need – at the level you need them, to implement, monitor and develop your compliance framework.

GAP Analysis

Introduction

The implementation date for GDPR has passed (25/5/18). If you are worried about your compliance position, you need a Small Organisation GDPR GAP analysis report.

Our data protection consultants will assess your organisation’s privacy management and data protection practices through an on-site review of the following:

  • Your Data Protection Governance & Processes
  • Your Risk management approach & appetite for Risk
  • Your GDPR project resourcing
  • Your position with respect to a Data Protection Officer (DPO)
  • Your organisational Roles and Responsibilities
  • Your Scope of compliance
  • Your Personal Information Data Processes
  • Your Personal Information Management System (PIMS) – if applicable
  • Your Information Security Management System (ISMS) & processes
  • Your Rights of Data Subjects & processes

The result is a GDPR Compliance report. This will enable you to evaluate your position and what you need to do next to move towards GDPR compliance.

Why choose us?

  • Our consultants are qualified and have an in-depth understanding of the GDPR's requirements and how they should be met pragmatically.
  • We can provide a complete compliance support service to help organisations prepare for and adapt to the GDPR including:
    • Undertaking Data flow audits
    • Producing small organisation Gap analysis reports
    • Undertaking Data Protection Impact Assessments (DPIAs)
    • Delivering Bespoke transition services
  • Our team has extensive Data Protection and Information Security management project expertise including government network accreditation projects.

Data Protection Governance

We will review the Data Protection Governance procedures and practices operating within the organisation and compare them with the requirements of the GDPR.

Risk Management – Approach & Appetite

We will review and discuss the way in which your organisation manages risk and what the risk appetite is within the organisation.

GDPR Project Resourcing

We will review (if applicable) the resources currently allocated to the GDPR project and make recommendations accordingly.

Data Protection Officer

We will review any decisions taken regarding a Data Protection Officer and recommend whether or not a Data Protection Officer is appropriate.

Organisation Roles & Responsibilities

We will review the organisational roles and responsibilities (with respect to Data Protection, Processing and Cyber Security) that support your organisation and make appropriate recommendations.

Scope of Compliance

We will review the scope of your compliance with the General Data Protection rules and regulations.

Personal Information Data Processes

We will discuss and quickly review the Personal Data Processes that are operating within the organisation.

PIMS – If Applicable

If applicable, we will review any Personal Information Management System that is operating within the organisation.

Information Security & Processes

We will review those Information Security processes that are operating within the organisation and make appropriate recommendations based on industry best practices.

Rights of Data Subjects & Processes

We will review the Procedures and processes that have been established within the organisation to respond to Data Subjects exercising their rights under the GDPR and make appropriate recommendations based on best practice.

Restrictions & Conditions

  • The price quoted applies to single-entity organisations with up to 20 staff and with all key personnel (senior management, HR managers, compliance, IT, sales, marketing and procurement) based at a single site (unless agreed otherwise).
  • The fee excludes any necessary travel, accommodation and subsistence expenses. Expenses will be assessed and charged in arrears.

What to do now?

  • Call us on +44 (0) 333 998 0041 or use the Contact Us form to arrange a free consultation to see how we can help your organisation.

Contact us

Call +44 (0) 333 998 0041 or complete our GDPR enquiry form for help and support.

GDPR CONSULTANCY HELPING YOU ADOPT
A RISK BASED APPROACH TO GDPR COMPLIANCE

The GDPR is the European Union's new regulation that came into effect on May 25th 2018 and requires all businesses to protect the personal data and privacy of EU citizens. At the heart of compliance is assessing how you are processing personally identifiable information and the risks being incurred in doing so.

SOME OF OUR CLIENTS

Below are some of the companies for whom GDPR-Services are providing DPO and other GDPR services.