Managing data is becoming complex for individuals and companies alike. The General Data Protection Regulation (GDPR) will come into force in May 2018, alongside a new Regulation on ePrivacy, and UK entities must understand the implications and comply with the rules if they provide goods or services to, or market to, EU citizens. This will continue to apply after the UK leaves the EU.
GDPR significantly increases the rights of citizens to access their personal data electronically, to have it corrected or deleted and to scrutinise data processing. The penalties for non-compliance have risen sharply, requiring proper judgement and design to be applied to data collection and rapid notification if data is lost.
We advise our clients on how best to achieve their strategic objectives whilst complying with this evolving regulatory regime. We highlight gaps in compliance and assist with the implementation of the policies and procedures needed, as well as dealing with any incidents that may occur.
Our team comprises data protection experts as well as non-lawyer cyber security specialists, allowing us to give the full spectrum of advice. The GDPR regime requirements will introduce both process and technology changes that we will advise our clients on, from the initial data audit and ongoing compliance to industry-standard benchmarking techniques.
Each data protection strategy will be unique to the given business or personal situation. The first step is a conversation with our team who will map out the best solution. Depending on the outcome of this assessment and the maturity of existing measures, we will recommend a combination of the following:
A process to explore and document the flow of personal data through the organisation, capturing how, where and why data flows from team to team and system to system.
A series of document reviews and interviews with key staff will be undertaken so that we can detail any operational, cyber, or legal gaps in GDPR compliance with respect to policies and procedures and day-to-day operations.
Based on learning from the Data Mapping and Analysis activities, a review is undertaken to identify and document gaps in compliance. Gaps are reviewed to identify any trends or commonalities with regard to remediation, and remedial actions are selected such that they will fit into the organisational structure of the business.