You may now believe your organisation to be compliant with data protection law.
You may have taken steps to ensure:
- You only process personal information in accordance with the principles;
- You have (and can demonstrate) that you have secured true consent to process a person’s information;
- That you have a legal ground to process ordinary and special data;
- That you are able to effectively deal with requests by people to exercise their ‘rights’ under GDPR;
- That you practice both data protection by ‘design’ and by ‘default’;
- That you have reviewed the contracts you have with your ‘data processors’
- That you have assessed the risks to the personal data you control and put in to place appropriate measures to keep information confidential, as it should be and available when you need it.
- That you have an incident management plan should you suffer a personal data breach.
- That you have a Data Protection Officer – if needed.
You may have introduced policies (setting out your usual approach to data protection) and procedures [directions to employees as to what should be done].
However, compliance is an ongoing issue and, with the best will in the world, employees may not do what they have been asked to do or what is expected of them. Indeed, managers may not supervise them. This puts your organisation at risk.
We can carry out an audit of your GDPR compliance and ensure that your policies and procedures are appropriate. In doing so we will check to make sure they are being followed.
If our audit suggests there is a need for additional compliance measures to be taken or policies/ procedures are not being followed we will recommend corrective actions.
We will then, having given you time to put the measures in to place, carry out a follow up assessment.
We can also inspect and audit a data processor for you. These are organisations who process your employee or customer personal data on your behalf.
GDPR places several legal obligations on processors particularly that they should have in place appropriate technical and organisational measures to keep the information you entrust to them safe.
Under GDPR the processor is required to make available to you all information necessary to demonstrate that they comply with GDPR. They are also required to allow you to audit and inspect them.
We can carry out an audit/ inspection of your chosen data processor for you and report back to you.
For further information please contact us.