• Develop a Data Protection Plan of action with specific actions, owners and targets to achieve GDPR readiness.
  • Complete comprehensive Data Protection Assessment on the company will be conducted across multiple sectors.
  • Produce of gap analysis report with recommendations for improvement which are risk weighted in importance and suggested timelines.
  • Review of relevant policies and recommendations for improvement.
  • If organisation does not have relevant policies, sample policies will be supplied and we will assist the company to tailor templates to become company specific.
  • Consent Review will be conducted on all documentation used as a Personal Data collection point. Practical recommendations will be provided to the company for improvement under the basis of processing.
  • Website – Cookie Policy review and Privacy Policy review will be conducted with recommendations if applicable.
  • Data Process Mapping will be conducted at a high level to understand the business model and overall process flows.
  • Software Register Review is vital at the readiness stage to ensure the location of all Personal Data is mapped in the event of a Data Breach or Subject Access Request.
  • Subject Access Request’s (SAR’s) under GDPR represents a significant risk to any company. Under stage 1 it is important to develop a process to manage a SAR and document same.  A test/mock SAR will be conducted to identify potential areas of weakness / bottlenecks.
  • Awareness and Training Programme – once the steps above have been completed and a clear understanding of the company and Data Protection processes have been documented, an awareness programme will be delivered through workshops and slides.

Stage 2 – GDPR Embedding