Develop a Data Protection Plan of action with specific actions, owners and targets to achieve GDPR readiness.
Complete comprehensive Data Protection Assessment on the company will be conducted across multiple sectors.
Produce of gap analysis report with recommendations for improvement which are risk weighted in importance and suggested timelines.
Review of relevant policies and recommendations for improvement.
If organisation does not have relevant policies, sample policies will be supplied and we will assist the company to tailor templates to become company specific.
Consent Review will be conducted on all documentation used as a Personal Data collection point. Practical recommendations will be provided to the company for improvement under the basis of processing.
Data Process Mapping will be conducted at a high level to understand the business model and overall process flows.
Software Register Review is vital at the readiness stage to ensure the location of all Personal Data is mapped in the event of a Data Breach or Subject Access Request.
Subject Access Request’s (SAR’s) under GDPR represents a significant risk to any company. Under stage 1 it is important to develop a process to manage a SAR and document same. A test/mock SAR will be conducted to identify potential areas of weakness / bottlenecks.
Awareness and Training Programme – once the steps above have been completed and a clear understanding of the company and Data Protection processes have been documented, an awareness programme will be delivered through workshops and slides.