On May 2018 a new law came into force that fundamentally affects the way that you use data to market, provide services and run your business. It brings with it new rights, new responsibilities and new obligations.
GDPR & Data Protection Compliance
Among other things, this new law requires you to:
- Notify the Information Commissioner’s office and the person concerned in the event of a data breach within 72 hours.
- Review and/or revise your justification(s) for collecting and using data; and make it as easy to withdraw consent, as it is to give it.
- Modify your consent processes to ensure compliance with the law, to include your IT and cookie policies.
- Engage ‘fair processing’ noticed throughout in order to warn people how their data will be gathered and used.
- Conduct a root and branch audit of your data processing and conduct Private Impact Assessments where appropriate.
- Implement ‘privacy by design and default’ in relation to the way you collect and use data.
- Action and facilitate the ‘right to be forgotten’.
- Service subject access requests much quicker.
- Train your staff properly on all the key stages.
Not only will this involve most businesses in considerable advanced preparation but the price of non-compliance could be up to 2-4% of global turnover in fines, depending on how severe the data breach is and what efforts you made to comply with the law in the first place.
How We Can Help
For a fixed fee package, (price dependent on size and turnover of the organisation), we can:
- Properly document your top-down compliance directives.
- Produce GAP analyses, implement legally compliant risk assessments and initiate roll-out programmes designed to: minimise the risk of regulatory breach; help organise the implementation of ‘privacy by design’; educate and train employees and participants in order to achieve a culture of compliance.
- Draft appropriate codes of conduct; amend contracts of employment and employee handbooks and update induction processes.
- Ensure compliance with requests made pursuant to statutory processes.
- Amend client/supplier Terms & Conditions to shield the Company against liability for a data breach.
- Produce a bespoke data-breach response pack to facilitate the ability to notify third parties within the required 72-hour window.
Next Steps
Find out more and get a *Free 60-minute Workshop.
Our GDPR experts will deliver an hour-long workshop at your workplace, allowing your business to understand the issues and what you have to do next. If you would like to take advantage of our limited time Free Workshop offer, complete the form on this page and we will respond shortly or email mkashis@bishopandsewell.co.uk.
You can also request a copy of our free PDF Briefing on the new GDPR for Directors and Managers.
*Workshops only available for offices located in the Greater London area.
1.0.0.17
