The GDPR and you.
In a recent survey commissioned by Collyer Bristow, 53% of small and medium-sized businesses were unaware of the forthcoming enhanced and updated Europe-wide law for the protection of EU residents' data (the General Data Protection Regulation), which comes into force on 25th May 2018.
While the threat of huge fines for non-compliance is well documented, the appetite of our Data Protection Authority to pursue offenders is not yet known.
For organisations external to the EU that are involved with the control or processing of EU residents' information, the regulations still apply: with regard to the USA, previously acceptable approaches for international processing or control of EU residents' data are either non-compliant (Safe Harbour) or untested in law (Privacy Shield II).
By virtue of employing or interacting with EU residents and their associated Personally Identifiable Information, the General Data Protection Regulation will impact your business to a greater or lesser degree depending on a number of factors including size, geographic organisation, type of processing, sensitivity of data, and function.
While there are many thousands of organisations offering varying degrees of support, each has an almost infinite number of approaches, philosophies and tools to move an organisation towards compliance. This can cause project paralysis – as of May 2017, a YouGov survey suggested that only 29% of the 2000 companies surveyed had taken steps towards GDPR compliance.
Our approach starts with an initial engagement to dispel myths and uncertainties around the Regulation. We cover:
- The difference between GDPR and the existing Data Protection laws and how it will affect your business specifically
- What personal information is affected
- Sensitive data
- International considerations
- Consent vs. Legitimate Interest
- Data privacy impact assessments
- Subject access requests (the right for individuals to access their personal information), right to be forgotten
- What it means for organisations that support your business (Data Processors)
- Incident responses and breach reporting
- Evidence of compliance – privacy policies, standards, ongoing training and guidance
We then agree specific areas of focus and suggest a sensible tailored approach to move towards compliance, based on core project milestones of Discovery, Management, Protection and Reporting.
There is no such thing as full compliance, nor is there a single source for all knowledge relating to GDPR. ChartaPorta offer tailored consultancy engagements designed to provide clarity and a risk-based assessment of the most important steps needed to move your organisation towards compliance.
Ask us about our GDPR heatmap and how it can help your organisation move towards GDPR compliance.