GDPR – Are You Compliant?
So what is GDPR? You may have heard the phrase, but is it really relevant to you?
The answer is YES! GDPR law came into effect on 25th May 2018, and non-compliance can result in a substantial fine.
The General Data Protection Regulation applies to all organisations across the world that offer goods/services or that use or store any personal data of EU citizens.
If you are already covered then there is no need to read further. However, if not – please read on. Here is how we approach GDPR:
We build the activity around you and your organisation
Our approach to all of our work is to put you at the core of the activity. We then work with you to meet the requirement. Our GDPR compliance activity is based on the simple PDCA approach: Plan – Do – Check – Act. Starting with the ICO 12 steps, we plan the work, initially information gathering and gap analysis. The next step is to implement required changes and introduce new processes. We then work with you to assess whether the changes have had the required effect, and act on that basis. Regular surveillance checks ensure you continue to improve and stay compliant.
Including the technology from the onset – preventing late surprises
One of the greatest distinctions in our approach is that we run an ISO27001 check alongside the GDPR (scoping, article checks), which saves you time. We succeed because we work hard on 1) navigating GDPR, 2) the right investment in technology, and 3) understanding of your mission, objectives, processes and challenges. Our values-led approach sets us apart from our competitors – we have a realistic and truthful approach.
We can act as your Data Protection Officer
We can act as your DPO (Data Protection Officer) when dealing with queries and external parties – even the ICO. This is a service that is run by a team of knowledgeable, experienced consultants who have all received training and are qualified on ISO27001 and GDPR.
Comprehensive audit & gap analysis
We perform a comprehensive check against all the articles of the GDPR and give you a true picture of where you are and what needs to be done next to reach compliance.
We will work with you to bridge the gaps in order to prepare in the most efficient way possible.
Building an evidence file as well as the normal journal document
Part of GDPR readiness is to build a journal and evidence folder, which is used to demonstrate your work to the ICO should you need to. Building this file well in advance shows a responsible and methodical approach. The ICO wants improvements; they are not out for penalties, and even if you have failed to meet a requirement, demonstrating your efforts goes a long way.
Work to get you through a certification process via a partner working closely with the ICO – you can then display an accreditation on your website
In addition to our in-house GDPR knowledge, we work closely with a GDPR accreditation organisation that will give you a seal of approval following an audit. We believe our approach is the simplest and most direct at the lowest cost. GDPR compliance does not need to be an expensive, long, drawn-out process.
There are two ways you can engage with us for GDPR:
Option 1 – SafeGuardIT Silver (or above) Managed IT Service
Our IT managed service includes GDPR guidance in the monthly IT support fee. In short, this is the cheapest way to get help on GDPR without hiring an external consultant and paying for banks of days of full-time assistance. The advantages are that you get your IT support and systems aligned to GDPR as part of a comprehensive support package. This includes all aspects of GDPR tied to technology and processes. The only disadvantage is that this is an assistive approach: you need to have your own GDPR champion (data protection officer) driving this activity forwards.
Option 2 – GDPR dedicated consultancy time
You can purchase banks of days. This is the most flexible approach: you can keep the days for a 12-month period and use them for surveillance visits post-compliance. The advantages are that the consultant leads the GDPR work, driving the project forwards and delivering the frameworks and results; it’s comprehensive. The only disadvantage is a risk that your team might not take ownership of actions.
ACTION is needed now. Get in touch by using the online form, email email@example.com, or call 0208 1234 365 and speak to one of our helpful account managers.