GDPR Compliance
The EU General Data Protection Regulation (GDPR) came into effect in the UK on May 25th 2018.
If your organisation processes the personal data of any data subjects who live in the Union, regardless of whether the processing takes place in the Union or not, then GDPR applies to you.
The Regulation mandates considerably tougher penalties than the Data Protection Act (DPA): breached organisations can expect fines of up to 4% of annual global turnover or €20 million, whichever is greater.
For each category of data, you need to identify which of the six lawful bases of processing you are relying on.
The conditions for consent have been strengthened: requests for consent must be clear, state what the data will be used for and consent must be easy to withdraw.
Arcanum GDPR Consultancy
GDPR Gap Analysis
The GDPR Gap Analysis service provides a step-by-step assessment of your organisation’s current level of compliance with the Regulations, and helps identify and prioritise the key areas that your organisation must address, including:
• GDPR project resourcing
• Data protection governance
• Data protection officer
• Roles and responsibilities
• Personal data processes
• Scope of compliance
• Risk management
• Personal information management system
• Information security management system
The Gap Analysis will be carried out for a fixed charge and includes an onsite session with key personnel to gain an understanding of relevant business areas.
GDPR Consultancy Support
The outputs of the Gap Analysis would lead to a consultancy support project to include the following services:
- GDPR Data Flow Audit – To obtain an inventory of the personal data held and shared by the organisation and a data flow map of the organisation’s processes.
- Data Protection Impact Assessment – An assessment of the data protection risks within organisational processes and a remediation plan to mitigate the risks.
- Data Protection Transition – Transition from the old data protection regulations into the new GDPR regulations including policies and procedures.
- Virtual Data Protection Officer (vDPO) – In some circumstances a DPO is mandated or recommended. In these cases Arcanum can be on call to provide specialist advice and support for your business when you need it.
What next?
If you would like more information on GDPR Compliance Services, or to have a no-obligation discussion with one of the Arcanum team, please get in touch.