GDPR Services

Complete GDPR Services

With our GDPR Services we can provide an End-to-End GDPR solution for your business.

Our GDPR Services include everything from awareness to audit to implementation, providing you with a complete GDPR solution.

GDPR AUDIT

Using our unique GDPR Audit methodology and targeted auditing techniques we are able to quickly and effectively assimilate all the information required to give you a 360-degree view of where you stand against the GDPR.

Your prioritised GDPR gaps as well as recommended remediation steps are provided in a detailed report.

Following on from the initial audit, GDPR Auditing are able to offer a full remediation service. Some common requests are:

  • Creation of a data retention schedule
  • Review and revision of website privacy policy
  • Creating or amending 3rd party contracts
  • Providing GDPR Staff Awareness Training
  • Technology and Security solutions

BREXIT GDPR Audit

The Brexit GDPR Audit is designed specifically to assess your exposure to EU personal data transfers after the BREXIT transition period, i.e. from the 1st January 2021.

As part of the BREXIT GDPR Audit service we will:

  1. Assess your current transfers to find out where your risks are
  2. Document what actions are available to legalise your processing
  3. Work with you to implement any changes required

If you are a UK business you should already be assessing your BREXIT risks, and this should include EU personal data. If you already have enough to worry about, let GDPR Auditing do this for you. It typically takes only one day and provides you with a complete risk assessment and report on those risks.

EU – US Personal Data Transfers

The Court of Justice of the European Union (CJEU) ruling on the 16th July invalidated the EU-US Privacy Shield.

It is also inevitable that Binding Corporate Rules and Standard Contractual Clauses are invalidated without a full assessment and significant supplementary controls.

If you transfer EU/UK personal data to the US or use US processors such as Amazon, Mailchimp, Microsoft, Salesforce etc., then you need to be thinking about whether those data transfers are still legal and, if they aren’t, what you should do about it.

If either of those questions is not easy to answer, then let GDPR Auditing answer them for you.

GDPR Quality Assurance

Whatever the state of your GDPR program, our GDPR Quality Assurance service is designed to provide you with a full independent review of your GDPR Compliance.

Through a combination of Audit, Check and Verify stages, a comprehensive report is produced that will provide:

  • Recommendations and priorities for the elements of GDPR you haven’t started yet (Audit).
  • Assurance that any elements you are working on will deliver the outcome you need (Check).
  • Confirmation that the elements of the GDPR you have finished are working as they should (Verify).

No matter where you are on the path to compliance, an ACV audit provides you with the assurance that you are heading in the right direction.

GDPR Essentials

GDPR compliance is a combination of tasks that absolutely need to be done, and other tasks that are either optional or may have multiple solutions depending on the risk to your business.

We understand that becoming compliant with GDPR can be time-consuming and expensive, so we listened to our clients and created the GDPR Essentials service.

The GDPR Essentials service is a cost-effective and resource-efficient way to achieve a level of GDPR compliance. The essentials service fulfils the Information Commissioner’s requirement that each organisation should take “adequate, and appropriate measures proportional to the risk”.

If you only ever invest in one GDPR service, make sure it is this one.

DPO as a Service

Does your organisation need a Data Protection Officer, or has it decided one would be beneficial?

Do you need a DPO but don’t need one full time or can’t convince someone in the business to take on the role?

Don’t despair, the GDPR says that a DPO can be an individual or an organisation outside of your business.

Our DPO Service gives you all the benefits of an experienced Data Protection Officer, when and where you need it, without the overheads of creating a new role in your organisation.

GDPR EDUCATION

Every person in your organisation is required to be trained on GDPR Awareness and some level of Information Security.

We provide face-to-face training, in person or remotely. Contact us for more details.

We also offer online training through our training portal. Read more here: https://www.gdprauditing.com/seccom-elearning/

DPO Training

The GDPR is responsible for creating a whole new army of Data Protection Officers, many new to the role and learning on the job.

There are also a good many DPOs who are struggling to keep up with all the GDPR requirements or just need a little help.

Our DPO training is suitable for DPOs in either situation and provides essential education, 1-1 advice and tools to make the job for any DPO a little easier.

GDPR CONSULTANCY

We provide bespoke consultancy services around all aspects of the GDPR including:

  • Data Asset Inventory
  • GDPR Audit
  • IT Audit
  • Programme management
  • Provision of on-site and remote resources
  • Business Continuity Planning and Disaster Recovery Planning

GDPR ANNUAL REVIEW

Whilst there are currently no fixed requirements for GDPR reviews, we recommend at least an annual review. This ensures compliance has been maintained.

The GDPR requires you to continually review your data processing risks and conduct a DPIA before any significant change is implemented.

We can complete reviews that are tailored to your specific needs on your previously completed audits and DPIAs.

DATA PROTECTION IMPACT ASSESSMENT (DPIA)

Whilst it is good practice to take a privacy by design approach when building your systems and carry out Privacy Impact Assessments (PIAs), the GDPR makes privacy by design a legal requirement.

The GDPR also makes PIAs (referred to as DPIAs by the GDPR) mandatory where data processing is likely to result in high risks to individuals.

The regulation strongly recommends a DPIA is completed for processing operations already in place prior to May 2018. DPIAs are required for any new processing or changes to existing processing.

We can advise you, as well as complete or assist you in completing a GDPR DPIA.

Get in touch

To find out more about this service or any of our other services please email us at info@gdprauditing.com or get in touch via our contacts page.