If you were audited by the Data Protection Commissioner today, could you demonstrate compliance? Do you have the documentation to support it? What would you do if you discovered a personal data breach? Do you have a process for subject access requests?
These are some of the chief concerns our starter project aims to address. We will equip you with process and documentation as well as train your staff on how to operate them.
Our starter package is designed to accelerate your GDPR compliance project, reduce the burden on your key people and build a framework which you can further develop as the need arises. It is executed in three phases with some degree of overlap:
Phase 1 - Identify
The key areas we focus on include:
- Your organisational context
- The implications of the regulation on your business
- Understanding the data you hold and how it is used
- Gap analysis
- Process analysis
- Documentation requirements
- Training and awareness needs
Risk is a fundamental point of concern here - taking a risk-based approach ensures your resources are concentrated in the highest value areas.
Phase 2 - Define
Using the data gathered during the Identify phase, we build a policy framework with supporting procedures and an implementation and training plan. Some key documentation produced during this phase would likely include:
- Data Protection Policy
- Information Security Policy
- Subject Access Request Procedure
- Complaints Procedure
- Consent / Withdrawal of Consent Procedure
- Communications Procedure
- Privacy Procedure
- Privacy Notice
- Nonconformity and Corrective Action Procedure
During this phase, we'll also work with you to determine the staff training and support needed to integrate the updated policies and procedures into the organisation as smoothly as possible.
Phase 3 - Implement
The Implement phase is where we put the plan into action and begin implementing the policies, procedures and controls defined in the previous phase. Key areas of focus:
- Staff awareness of updated/introduced policies/procedures/controls
- Data protection and information security training
- Testing of new processes e.g. subject access requests or data breach notification
- Monitor and confirm successful implementation
- Identify areas for further improvement
Of course, your situation is unique. To find out how we can tailor our services to suit your organisation, please get in touch: