GDPR – Are You Ready?

So what is GDPR? You may have heard the phrase, but is it really relevant to you?
The answer is YES! Compliance will be law on the 25th May 2018, and to ignore this or delay your preparation for it could result in a substantial fine.

The General Data Protection Regulation (GDPR) applies to all organisations across the world that offer goods/services or that use or store any personal data of EU citizens.

If you are ready and confident then there is no need to read further. However, if not – please read on. Here is how we approach GDPR:

We build the activity around you and your organisation
Our approach to all of our work is to put you at the core of the activity. We then work with you to meet the requirement. Our GDPR compliance activity is based on a simple PDCA approach: Plan – Do – Check – Act. Starting with the ICO 12 steps, we plan the work, initially information gathering and gap analysis. The next step is to implement the required changes and introduce new processes. We then work with you to assess whether the changes have had the required effect, and act on that basis. Regular surveillance checks ensure you continue to improve beyond May 2018.

Including the technology from the outset – preventing late surprises
One of the greatest distinctions in our approach is that we run an ISO27001 check alongside the GDPR (scoping, article checks), which saves you time. We succeed because we work hard on 1) navigating GDPR, 2) the right investment in technology, and 3) understanding your mission, objectives, processes and challenges. Our values-led approach sets us apart from our competitors – we have a realistic and truthful approach.

We can act as your Data Protection Officer
We will act as your DPO (Data Protection Officer) when dealing with queries and external parties – even the ICO. This service is run by a team of knowledgeable, experienced consultants who have all received training and are qualified in ISO27001 and GDPR.

Comprehensive audit & gap analysis
We perform a comprehensive check against all the articles of the GDPR and give you a true picture of where you are and what needs to be done next to reach compliance.

Monthly improvements
We will work with you to bridge the gaps in order to prepare in the most efficient way possible.

Building an evidence file as well as the normal journal document
Part of GDPR readiness is to build a journal and evidence folder, which is used to demonstrate your work to the ICO should you need to. Building this file well in advance shows a responsible and methodical approach. The ICO wants improvements; they are not out for penalties, and even if you have failed to meet a requirement, demonstrating your efforts goes a long way.

Work to get you through a certification process via a partner working closely with the ICO – you can then display an accreditation on your website
In addition to our in-house GDPR knowledge, we work closely with a GDPR accreditation organisation that will give you a seal of approval following an audit. We believe our approach is the most simple and direct at the lowest cost. GDPR compliance does not need to be an expensive, long, drawn-out process.

There are two ways you can engage with us for GDPR:

Option 1 – SafeGuardIT Silver (or above) Managed IT Service

Our IT managed service includes GDPR guidance in the monthly IT support fee. In short, this is the cheapest way to get help on GDPR without hiring an external consultant and paying for banks of days of full-time assistance. The advantage is that you get your IT support and systems aligned to GDPR as part of a comprehensive support package. This includes all aspects of GDPR tied to technology and processes. The only disadvantage is that this is an assistive approach: you need to have your own GDPR champion (data protection officer) driving this activity forwards.

Option 2 – GDPR dedicated consultancy time

You can purchase banks of days. This is the most flexible approach: you can keep the days for a 12-month period and use them for surveillance visits post May 2018. The advantage is that the consultant leads on GDPR, driving the project forwards and delivering the frameworks and results, so it is comprehensive. The only disadvantage is a risk that your team might not take ownership of actions.

GDPR & Company Approach Videos:
https://www.youtube.com/watch?v=BwmihwKg6j0
https://www.youtube.com/watch?v=WEnw4L9YDas

ACTION is needed now so your organisation can strive to be aligned within the approaching deadline.

Get in touch by using the online form, email info@spirituk.com, or call 0208 1234 365 and speak to one of our helpful account managers now!