GDPR

General Data Protection Regulation

The General Data Protection Regulation focuses on putting individuals firmly back in charge of their personal individual information and what happens to it.

Organisations

The regulation applies to all organisations, from sole traders working at home to giant multinational corporations; no one (except law enforcement and intelligence agencies) is exempt.

Best Strategists Around

“We have been using consultants from Cysquad Solutions for years to navigate the necessary changes to our strategy.” – New Covenant Church

A consultant is usually an expert or an experienced professional in a specific field and has a wide knowledge of

How It Works

The regulation places significant new strictures upon organisations, including:

- Building privacy into systems by design (with privacy-protective settings switched on by default);
- Following stricter procedures for reporting data breaches;
- Documenting any use of personal data in far more detail than previously;
- Implementing stronger consent mechanisms (particularly when processing data pertaining to minors);
- Conducting regular privacy impact assessments.

Organisations failing to comply could face fines of up to €20m or 4% of annual turnover (whichever is greater).

Cysquad Solutions have designed an appropriately business-focused approach.

The Information Commissioner’s Office has provided a good checklist for implementing GDPR solutions:

- Review how you seek, obtain and record consent. Do you need to make any changes?
- Ensure senior/key people are aware of GDPR and appreciate its impact.
- Plan how you will handle subject access requests within the new timescales and provide any additional information.
- Put systems in place to verify individuals’ ages and, if users are children (likely to be defined in the UK as those under 13), gather parental consent for data processing activity.
- Review your privacy notices and plan for necessary changes before GDPR comes into force.
- Identify and document your legal basis for the various types of personal data processing you do.
- Make sure you have the right procedures in place to detect, report and investigate a personal data breach.
- Document any personal data you hold, where it came from and who you share it with. Conduct an information audit if needed.
- Adopt a “privacy by design” and “data minimisation” approach, as part of which you’ll need to understand how and when to implement Privacy Impact Assessments.
- Designate a Data Protection Officer (DPO) or someone responsible for data protection compliance; assess where this role will sit within your organisation’s structure/governance arrangements.
- Check your procedures cover all individuals’ rights under the legislation – for example, how you would delete personal data or provide data electronically in a commonly used format.
- If you operate internationally, determine which data protection supervisory authority you come under.