We are supporting clients in preparation for the General Data Protection Regulation (GDPR) due to be implemented in May 2018, and are able to provide a range of services that are aimed at assisting an organisation working towards data compliance.
The services listed below can assist clients with developing their risk management strategy towards data compliance. Use the ‘Find out more’ button. Additionally, you may wish to watch videos from our Autumn 2017 GDPR event, and request a download of our GDPR Q&A booklet – what it means in practice.
GDPR Top Line Audit
The purpose of the audit is to raise awareness at senior level of some of the issues that may be relevant to achieving compliance with the GDPR. It is designed to help the business understand where it currently stands and to give the result a Red, Amber, Green (RAG) rating.
The purpose is to investigate and data map specific areas or individuals (such as HR) in order to gain clarity on whose data and what data is being processed, the reasons for the processing, where the data is located and its retention details. Data mapping assumes that the organisation has completed a Top Line Audit and has in place, or is developing, relevant policies and procedures ready for GDPR.
Conduct a review of existing relevant policies with a view to meeting GDPR compliance, and either update them or make recommendations on them to meet the new legislation, depending on the agreement. Where there are no current policies, Outset can provide either a standard or bespoke policy to suit. Relevant policies under this service would normally include the following:
- Data Protection
- IT policy
- Data Retention Policy
- Sensitive Data Policy
Review the organisation’s existing consent processes (in line with the policies, procedures and privacy notices) and, as a result, make recommendations in line with the GDPR to ensure consent is clear and transparent, recorded and updated.
Data Breach Process
Review the organisation’s existing data breach process and guidance and make recommendations in line with the GDPR or, in the absence of a data breach process, Outset can provide the relevant procedures and guidance (for inclusion in policy) and support the organisation to implement a clear data breach process (implementation includes timescales overview, draft communication and guidance).
Subject Access Request Process
Review and update the organisation’s existing Data Subject Access Request process and guidance and make recommendations in line with the GDPR. Outset can provide relevant procedures and guidance (for inclusion in policy) and support the organisation to implement a clear Subject Access Request process (implementation includes timescales overview, draft communication and guidance).
Conduct short, interactive and informative learning sessions for recipients/processors relating to GDPR. These sessions can be legally or practically focused depending on audience and will look at forthcoming changes and the importance of personal data management.
Conduct a legal review of your existing privacy notices to ensure they meet the GDPR requirements and/or make recommendations on Privacy/Information notices including content, locations and usage.
Where there are terms or agreements with suppliers, or contractual terms, that may be influenced or affected by the GDPR, Outset can review the organisation’s existing agreements and make recommendations or amendments in line with the GDPR requirements.
Provide a consultant to attend meetings or working groups in relation to the GDPR. The consultant will provide advice, review and, where agreed, conduct activities on behalf of the working group to support the organisation working towards compliance.
Data Compliance/Protection Officer
Please enquire to learn more about this service.