Review the current status of the company in regard to our GDPR readiness journey, using our Data Protection questionnaires and completing a gap analysis. Once the gaps have been identified, a remediation programme is developed and implemented, with timelines, owners and budgets. Testing will be undertaken to verify that all obligations have been closed.
Data Protection doesn’t end on the 25th May 2018; if anything, that date is the commencement of a continual process for the company, representing a significant cultural change. The Data Protection Officer (DPO) or outsourced DPO will embed a culture of Data Protection Compliance within the organisation. The company has a clear and explicit responsibility under GDPR to evidence “Demonstrable Compliance” on an ongoing basis.
Development of an Annual Data Protection Compliance Plan, with specific areas for testing and levels of coverage documented using a risk-based audit approach. The DPO is a protected role, but there is no reporting structure set out under the GDPR. Under this stage we will develop a comprehensive report for submission to the senior management team on a quarterly basis, aligned to the Annual Data Protection Compliance Plan.