ESTABLISH DATA GOVERNANCE FRAMEWORK
Set out your business's approach to data protection and assign management responsibilities.

UPDATE POLICIES AND NOTICES
Build a data protection policy that is approved by management, published, and communicated to all stakeholders, including staff, suppliers, and customers.

BUILD DATA ASSET MANAGEMENT PROCESS
Build an asset register to record data processing activities, with details of the personal data you hold, where it came from, who you share it with, and what you do with it.

ESTABLISH LAWFUL BASIS OF DATA PROCESSING
Document the various types of data processing you carry out and identify the legal basis for each.

IMPLEMENT CONSENT MANAGEMENT PROCESS
Requests for consent should be prominent and separate from your terms and conditions. If existing consent does not meet the GDPR's high standards, you will have to seek fresh GDPR-compliant consent.

INDIVIDUALS' RIGHTS & DATA ACCESS RIGHTS
Implement processes to recognise and respond to any individual's request. The individual should be able to verify the accuracy of the information you hold about them and modify or delete it.

INTEGRATE WITH RISK MANAGEMENT
Establish a set of security policies and procedures, and assign responsibilities to support good information risk management. Establish a policy that sets out when you should conduct a Data Protection Impact Assessment, who will authorise it, and how it will be incorporated into the overall project plan.

IMPLEMENT SECURITY CONTROLS
Establish a process to monitor compliance with the security policies, and regularly test the measures to provide assurance that they continue to be effective.

CONTROL DATA TRANSFER OUTSIDE EU
Ensure that any data you transfer outside the EU is handled in compliance with the conditions for transfer set out in Chapter V of the GDPR. Ensure that data security is in place and documented in a written contract using standard data protection contract clauses.

CONTROL THIRD PARTY PROCESSING OF PERSONAL DATA
Ensure that whenever your business uses a third party who processes personal data on your behalf, there is a contract in place. Consider approved codes of conduct or certification schemes to help you demonstrate that you have chosen a reliable processor.

ESTABLISH DATA PROTECTION OFFICE
Evaluate the need for a Data Protection Officer on the basis of the nature of your business and data processing. Assign responsibility for data protection compliance to a suitable individual and provide appropriate training.

IMPLEMENT DATA BREACH MANAGEMENT
Train staff to recognise and report incidents as soon as they become aware of them. Set up a process to investigate incidents and implement recovery plans.

ESTABLISH ICO COMMUNICATIONS
Register with the ICO and maintain auditable records of all communications to and from the ICO.

MANAGE CULTURAL CHANGE
Provide data protection awareness training at regular intervals, or as and when required. Test the awareness levels of your staff.

AUDITS AND CERTIFICATION
Have your programme audited by internal auditors and by independent or client auditors. Subscribe to certification schemes to demonstrate a level of readiness.
Accelerate your compliance
Our easy-to-use compliance management system will handle it all.