Data protection compliance review
A review of your business’s data protection and privacy compliance. Includes initial assessment (virtual or on-site) and summary report on work needed to meet compliance obligations. For further information or to discuss further, please get in touch.
We can carry out a GDPR and data protection review of your business. The review will be split into two parts:
Part 1: Fact Finding
- An analysis of the data collected, stored and processed within the business. This analysis will require access to appropriate members of staff who are able to answer questions relating to the various types of data your business processes, how it’s collected and the systems used for the storage and processing.
- A review of the current data protection practices and systems. Specifically, looking to understand how data flows around your business, what it is used for and the approach across the business to data protection compliance.
- A review of data protection related policies from across the business.
Part 2: Report of Findings
The output from the review will be a summary report, with a list of actionable recommendations of what elements of the current processes, systems, etc. need changing and what those changes should be.
Part 1 of the work will rely on access to relevant employees across the business and will include interviews and discussions either remotely (via phone and Skype) or in person (travel costs will apply for onsite reviews).
Specific attention will be made to:
- Your business’s general approach to the collection and processing of personal data to ensure you are doing so within the confines of the data protection regulation
- Your marketing (if any) procedures and policies relating to consent and legitimate interests for marketing purposes Your business’s approach to individuals’ rights in terms of the storage and processing of the data
- How secure your data is in terms of storage and access rights
- Your procedures relating to documenting your processes and approach to the data relating to the new rules for recording
- How you incorporate data protection into your services and project currently and going forward (i.e. your approach to “data protection impact assessments”)
- Whether you need specific personnel within your organisation to manage ongoing compliance
- Your approach to dealing with a potential breach
Once you have ordered this product we’ll be in touch to arrange further details and a time to carry out the audit.