GDPR Consultancy Services
Sirch Solutions provide essential compliance consultancy support to businesses throughout the UK.
If you work directly with consumer data, you will soon be required to comply with the new GDPR by May 2018.
We offer advice to help ensure you will be fully GDPR compliant. Sirch Solutions can professionally support you with full companywide audits, knowledge, interpretation and practical steps that need to be applied routinely to comply with the new data protection regulations.
We can assist you with your GDPR implementation and with staff training in GDPR.
Sirch Solutions can provide an online GDPR toolkit available for download.
The toolkit comprises all of the mandatory policies you will need to implement across your business before the law changes in May 2018.
Our policies have been designed by an industry professional with a regulatory background. The procedures are developed with small to medium businesses in mind and can either be accessed online as generic templates or, if you would like a more bespoke service, we can design a suitable toolkit specific to your business needs.
- Data Protection Audit Checklist
- Data Protection Policy
- Information Security Policy
- Data Impact Assessment Policy
- Data Retention Policy
- Data Subject Access Request Procedure
- Data Portability Procedure
- Recording Consent Procedure
Our Compliance Specialist can undertake a one-day GDPR Audit. Its purpose is to focus on your business needs to determine what processes need to be implemented before GDPR comes into force. The audit will comprise a checklist process and risk assessment to identify priorities. A review is often the best starting point to determine whether your current methods will stand up to GDPR and whether a more bespoke Toolkit is required.
We can also look at your technologies to ensure your CRM system will withstand the new requirements for recording consent and how you manage and maintain your customer database going forward.
The technology systems used on a daily basis to capture, store and process personal consumer data need to be ready to meet the challenge of GDPR just as much as your staff and internal policies. Using systems or solutions that are not fit for purpose is a sure-fire way to undermine your efforts to become compliant.
Sirch Solutions can empower your business by performing a full GDPR technology review. This is
Sirch Solutions provide a comprehensive technology assessment to ensure that internal software systems are fully GDPR compliant and mirror the new companywide GDPR policies.
There are many aspects to the GDPR that will take considerable time to achieve, and all organisations should be looking at these now.
The team of Technology Regulation experts can support you to:
- Teach senior management teams and employees about the changes that the GDPR will bring and ensure that they are fully aware of how these changes will affect the organisation.
- Architect your risk, policy and procedure environments to help you ensure your business operates efficiently in line with the GDPR regulation requirements.
- Assure the policies you have in place around GDPR are giving you independent and timely information on the state of your data management concerning GDPR regulation requirements.
- Manage your GDPR requirements and objectives, making sure you blend education, architecture, and assurance in a way that is appropriate to your operation.
So what are the changes expected under the new GDPR regulation?
There are dozens of headline changes that technology-led companies should be aware of. Some of the critical areas include:
- Privacy by design – privacy by design calls for the inclusion of data protection from the outset of system design. Companies must also only hold and process data which is necessary.
- Data processors – those who process data on behalf of data controllers, including cloud providers, data centres, and processors. Liability will extend to these and businesses that collect and use personal data.
- Data protection officers – internal record keeping and a data protection officer (DPO) will be introduced as a requirement for large-scale monitoring of data. Their position involves expert knowledge of data protection laws and practices, and they will be required to report to the highest level of management directly.
- Consent – explicit permission to hold any personal data in electronic systems will become mandatory. It will no longer be possible to rely on implied consent with individuals having the option to opt out.
- Breach notifications – the notification of a breach, where there is a risk that the rights and freedoms of individuals could become compromised, must be reported within 72 hours of the violation being identified.
- Right to access – data subjects will now have the right to obtain confirmation from you of what personal data is held concerning them, how it is being processed, where and for what purpose.
- Right to be forgotten – data subjects will now have the right to be forgotten, which entitles the data subject to have you ensure that information is deleted from every piece of IT equipment, portable device, server back-up and cloud facility.
Sirch Solutions offer a complete GDPR consultancy service where we’ll work with companies through the stages required to be GDPR ready – a process that involves:
- GDPR Readiness Assessment
An initial readiness assessment will be conducted with the manager responsible for data compliance.
This assessment will investigate the organisation’s current compliance level and management awareness of GDPR, and identify any particular data risks.
Information will be shared with senior managers explaining the basis and impact of the GDPR regulations, aimed at raising awareness and preparing the team for involvement in the proposed data audit.
- Data Audit
An in-depth audit will be completed investigating all categories of personal data maintained by the organisation. Also, existing systems and processes for managing that data will be reviewed.
The audit will include managers from all departments responsible for the management of personal data.
- Review what data is necessary for the operation of the business and how long it should be kept
- Identify legal basis for each data category
- Review privacy notices for each data category
- Compile register of data processors and ensure Data Protection Agreements are in place for each
- Create Subject Access Request (SAR) process and ensure compliance with new code
- Define a procedure for notification of data breach to regulatory authorities
- Compile a Privacy Impact Assessment for any high-risk activities
- GDPR Compliance Action Plan
The outcome of the data audit will be compiled into a GDPR compliance action plan.
- GDPR Review
Regular reviews will be conducted as part of the service to evaluate progress made in completing compliance action
- Resource heavy
The challenge to the sector will be the information audits, planning, putting the processes in place, and updating or re-writing policies.
This is a mammoth task for any business. But, once those things are in place, the company should be set up to demonstrate its compliance – and the need is clearly there given penalties for non-compliance will be severe.
It’s a serious issue and a substantial drain on time and resources – especially when you consider every client has the right to request information.
Companies will end up producing the following documentation, which needs to be managed by an internal data protection officer:
GDPR key documentation
- A complete set of mandatory and supporting documentation templates that are easy to use, customisable and ensure compliance with the GDPR
- Data protection policy
- Training policy
- Information security policy
- Data protection impact assessment (DPIA) procedure
- Retention of records procedure
- Subject access request form and process
- Privacy procedure
- International data transfer procedure
- Data portability procedure
- Data protection officer (DPO) job description
- Complaints procedure
- Audit checklist for compliance
- Privacy notice
- Guidance documents
- Pseudonymisation, minimisation and encryption guidance
- Guidance on selected toolkit items
If you would like further GDPR information or to find out more about our services, please contact the dedicated GDPR specialist team on 0800 655 6945 or send us a message using our online form.