The day we have all been waiting for has finally arrived. The 25th May, or ‘GDPR Day’ as it will forever be known, is in full operation with businesses all over the world affected.
We know you’re probably sick of hearing about it by now, and you have inevitably had an influx of emails from everyone you have ever contacted asking to stay in touch, but it is all for good reason.
With GDPR in place, individuals have more control than ever over their personal data. However, the change has put a lot of pressure on companies, particularly small businesses, to ensure their data is secure. But it’s not over yet…
As the Information Commissioner, Elizabeth Denham, explains, “It’s an evolutionary process for organisations. Organisations must continue to identify and address emerging privacy and security risks in the weeks, months and years beyond 2018”.
Organisations have been urged by the ICO not to panic in the run-up to GDPR Day, as they do not expect all businesses to have everything perfectly put in place for the deadline. Rather, they would like to see the new regulations embraced by organisations and to encourage better attitudes towards storing and processing personal data.
If you are ever in doubt on any aspect of the new legislation, then seek advice from the ICO or get in touch with us for a chat.
And if you do need an extra helping hand, we have created a 10-step action plan which we are now offering as a service to our clients. If you’re interested then keep on reading below.
GDPR Compliance Service
Step 1: Data Map
We will draw up a data map which will create an inventory and map of all your data processing activities.
Step 2: Risk assessment
We will be able to assess the risk to data subjects and the company in the event of data being lost.
Step 3: Risk Minimisation
We will show you how to take the necessary steps to minimise these risks.
Step 4: Client Privacy Notice
We will draft a privacy notice to send to clients with a covering letter stating what measures you are taking to ensure GDPR compliance. We will also provide a privacy statement for your website.
Step 5: Employee Privacy Notice
We will draft an employee privacy notice.
Step 6: Information Security Policy
We will draft your information security policy to replace any existing policies.
Step 7: Third Parties
We will draft a letter to third parties who hold personal data to seek confirmation that their processes are GDPR compliant.
Step 8: Data Breach
We will draw up a procedure to follow in the event of a data breach.
Step 9: Data Subject Access Request
Under GDPR, as well as the right of subject access, individuals have the right: to rectification (of incorrect or incomplete data); to be forgotten (to have personal details deleted); and to data portability (to receive personal data in a structured, commonly used and machine-readable format). We will draw up a procedure to follow in the event of a data subject access request from a client or employee.
Step 10: Regulatory bodies
We will check with any regulatory body that you belong to that you are meeting any data privacy needs that they stipulate.
Prices start from £500 plus VAT. If you are interested or would like any advice regarding GDPR, then please contact us.