Marking your own homework is all very well, but who carries the can if you get it wrong?
Forward-thinking organisations have completed some of their GDPR work or, in some cases, are nearly finished. Some of these companies are increasingly looking for someone to check what they have done, give a second opinion, and sign them off.
Concerns over delivering a GDPR program and running it as BAU
The GDPR project or program delivered into an organisation may have been run by any number of people from any number of departments, or quite possibly by some external entity, consultant or contractor.
In a lot of cases the person or people responsible for delivering the program are not the ones who will have to operate the policies, processes and systems. In most cases they are also not the senior management or executives who will be accountable should it all go wrong.
If you work in a business and have been given the GDPR program to deliver, when your FD or CEO asks whether you are confident, what will your answer be?
If you are not an officially appointed DPO with protection under the GDPR, a failed GDPR remediation program might mean consequences for your boss or your boss's boss, and it will probably not end there.
With the much-publicised fines, the repercussions could be company-wide.
Why get a 3rd party to check my GDPR status?
- There is no certification
- There is no seal of approval
- There isn’t even a recognised standard to attain
- A proportionality and a risk based approach means each business is different
How often has it been said that a second pair of eyes is required, sleep on it, two heads are better than one, or whichever metaphor you prefer?
It is always going to be worthwhile getting someone else to look over what you have done. At the very least they might tell you that you have done everything possible (within reason) to comply with the GDPR.
On the other hand, you might find you've missed something, or have misinterpreted something, or are possibly even doing something that is against the GDPR. Better to find that out before the complaints start or, worse still, you lose some personal data.
Commission an audit, gap analysis or assessment
Whatever you call it, having gone to the trouble of doing all the work and presumably investing time and effort to become compliant, doesn't it make sense to get a check-up? It's the final part of due diligence, like an MOT or a health check.
Get a GDPR Audit
GDPR Auditing can provide you with a report on your GDPR status no matter where you are in the lifecycle. We provide:
- Gap analysis audits for companies who don't know where to start
- Mid-program audits for companies who may still have gaps but also want to know how well they have remediated some issues
- End-of-program audits to find out if the program delivered a solution that is fit for purpose
Contact us to find out how we can help no matter where you are in the process.
The information provided in this post is for general information only and is not intended to provide legal advice.
© GDPR Auditing 2017.