GDPR Compliance & Data Protection Services

Data Protection Changes and GDPR Consultancy

Data protection compliance has never been as important as it is today. In May 2018, the ageing Data Protection Act of 1998 was replaced by the General Data Protection Regulation (GDPR) and subsequently the UK Data Protection Act 2018, both of which have far more wide-reaching implications and ramifications for UK businesses. Contrary to popular belief, the UK’s decision to leave the European Union will not have a bearing on this.

Given that the old Data Protection Act was written almost 20 years ago, and given the enormity of technological change that has taken place in that time frame, it is easier to appreciate how important the GDPR is. Of course, it is still not too late to start on this journey of responsibility and accountability for the data collection that your organisation relies on, and it is important to understand what the reality could be for many businesses now that GDPR compliance has become enforceable.

elucidate have been working in data protection for many years. We have experienced data privacy consultants and industry-proven methodologies, and have supported a number of organisations and industries in complying with applicable data protection requirements.

The General Data Protection Regulation depends upon a set of clearly defined concepts and entities to achieve its aim of transparency and application. An understanding of these is key to determining the context in which they apply to your business as a Data Controller and possibly also as a Data Processor.

Broadly speaking, all of the data protection changes are designed to protect the Data Subjects (you, us and everyone else) and their associated personal data from the potentially disastrous consequences of a data breach. With that in mind, it becomes easier to understand, from a practical point of view, what you should be considering and attempting to achieve from this opportunity.

The first step in preparing your organisation to comply with the GDPR is to understand exactly where data comes into your organisation, its journey through your organisation, where it resides and who you share it with. As a priority, start to question what data your organisation holds on Data Subjects. These could be your:

  • Employees
  • Customers
  • Suppliers
  • Mailing list recipients

The data is relevant if it could be used to personally identify these individuals.

Next, you need to understand why you need that data.  You need to be able to document your legitimate business interests for why you need that specific piece of data, and these could be different for the different elements of data which you collect.  The following questions should be next on your list:

  • How is the data stored?
  • How long do you need the data for?
  • Where did the data come from?
  • In future will your Data Subjects be able to positively opt in to having their data controlled by you?  An option to opt out is no longer going to be enough.
  • Do you now or will you in the future need to share this data with anyone else?
  • Do any 3rd parties process data on your behalf (outsourced payroll, perhaps)?
  • How easily can you access this data?

The last question above is an important one, as it paves the way for the changes that give Data Subjects more control over their data. Individuals can request to see the data you hold on them via a Subject Access Request, which you then must supply to them, within a set time window, in a form they can easily understand.

The logistical implications of this for a business which runs on endless spreadsheets, documents and dispersed storage could be considerable.

We have already mentioned documentation, and it is key to ensure that it is up to date, consistent and accurate. The primary means of communicating your GDPR compliance journey to both your data subjects and potentially the Supervisory Authority will be through your policies, procedures and training. A new privacy policy will be an absolute requirement for 99% of organisations. Depending upon the complexity of your business, this can be delivered alongside an updated data protection policy, which is again an excellent way to demonstrate the aspiration of attaining your compliance.

At elucidate we understand the value of data to your business and the serious implications of a data breach.  Our skilled team within the GDPR Consultancy division work with businesses to provide insights and solutions on a range of GDPR issues and can help your business with the utmost flexibility.

Our experienced, qualified and friendly auditors can help you prepare for the new regime. We can perform a GDPR compliance audit and Gap Analysis on specific departments, individual offices, or across your entire organisation. Our consultants are able to help businesses get to the level of compliance required, and our solutions are based on our AID methodology, which comprises the following GDPR services:

  • Audit
  • Implementation
  • Delivery

Our GDPR consultancy compliance packages are based on the complexity and scale of the business concerned, something we can generally ascertain in a short, free-of-charge one-hour consultation. Call us now to help you get started; it’s the responsible thing to do.