In May 2015, the EU outlined its strategy to create a digital single market which would modernise and update the principles of the EU Data Protection Directive 1995 and UK Data Protection Act (DPA) 1998.
The General Data Protection Regulation (GDPR) replaces the 1995 EU directive (Directive 95/46/EC) and was introduced in May 2016 with full enforcement after a two-year lead-in period.
The GDPR will put control of data back into the hands of individuals who will be able to request the right to be forgotten and even be able to move their data from one organisation to another.
For data controllers and processors, more stringent and measurable compliance requirements will be enforced, with even heavier penalties of between two and four per cent of worldwide turnover.
The GDPR presents a perfect opportunity for organisations to understand their key risks and embed privacy-driven design principles into business operations.
We have split our services into four focus areas to help you at every stage of your Data Protection Act (DPA) and GDPR compliance readiness process.
- Awareness Workshop: Our workshop is designed to facilitate an understanding of privacy within your organisation and will provide an awareness of how the GDPR legislative changes will impact the organisation.
- Privacy/Data Protection Impact Assessment: A measurement of the impact on your business of a failure to protect PII in accordance with the DPA and GDPR.
- Health Check: Our health check has been designed to understand your privacy risks according to your business objectives. We will assess your privacy controls according to both DPA and GDPR requirements.
- Strategy and Remediation Support: Now, more than ever, there is a need for organisations to have a defined strategy to manage privacy risks. We will help you to assess the risk, build a roadmap and assist in all aspects of remediation and compliance with the DPA and GDPR.
Do you comply?
If you are unable to answer any of the questions below, a Privacy Health Check would be a suitable course of action.
- How compliant are we with the current Data Protection Act 1998?
- Have we got the processes and resources in place to support requests from individuals to delete data, or enable the secure transfer of data from our organisation to another?
- Have we got the right level of consent to perform current processes on personal data? Is this aligned with the additional GDPR requirements?
- Are suppliers and third parties only processing our personal data as authorised?
- Are we managing the risks to personal data effectively and in line with GDPR?
- Are we able to measure and demonstrate compliance with the DPA and GDPR?
Need further guidance and support? Do not hesitate to contact our experts.