Agility, Compliance, and Security

Smart ways to navigate complex regulations and deliver information excellence, which:

Reduce Costs and Risks
Improve Transparency
Control your Data Landscape

GDPR and the Data Protection Act (2018)

The EU General Data Protection Regulation (GDPR) now incorporated into the Data Protection Act (2018) has transformed how organisations approach privacy. With change comes opportunity, and as your customers and employees become more aware of the important role privacy plays in their lives, loyalty becomes the reward for companies that protect the trust placed in them. Organisations must choose to either treat the GDPR as a compliance tick-box, or they can enhance and align internal systems to create a secure, transparent data environment with better results for customers and stakeholders alike.


Key Requirements for GDPR

Organisations doing business in Europe see six key areas of GDPR that are having the greatest impact on their business:

Inventory

Requirement for a comprehensive data inventory and record keeping of all data processing activities – Article 30.

Accountability

Boards must be able to demonstrate how they have integrated Accountability and Governance from the top down through the organisation.

Breach Notification

Mandatory data-breach notification within 72 hours to regulators and individuals – Article 33.

Managing Individuals' Rights

Eight defined individual rights: to be informed of processing, to access data, to correct mistakes, to transfer data, to erase data, to object to processing, to restrict processing, and to intervene in automated decisions made when processing data.

Data Protection Impact Assessments

Use of data-protection impact assessments (DPIA) for certain processing activities – Article 35.

DPOs

Data Protection Officers as a requirement for certain organisations – Article 37.

Watch UKGDPR on InsureTV

Compliance and Security Debate

Questions to Consider

1. Can we show how we have implemented the Accountability principle from the top down?
2. What is our data footprint across the enterprise, including employee, customer and partner data?
3. Can we evidence GDPR compliance to regulators upon request?
4. Do we have visibility of, and control over, what personal data we collect and the data flows across the enterprise?
5. Have we implemented a Privacy by Design programme, and integrated Data Protection Impact Assessments into Standard Operating Procedures?
6. Do we have an Incident Response plan and breach notification process that meets the GDPR's 72-hour notification requirement? Has this been tested through a workshop exercise?
7. Have we an ongoing, defined training plan?
8. Have we appointed a Data Protection Officer (DPO) if required?
9. Have we adopted a cross-border data transfer strategy?

We're a group of privacy and security consultants with experienced GDPR practitioners and Data Protection Officers. We look forward to helping you align your company goals with appropriate and adequate organisational and technical measures.

Copyright 2018 UKGDPR Limited, a company registered in England, company number: 11002759