GDPR Discovery Review
Why do we need the EU GDPR?
The EU General Data Protection Regulation (GDPR) is the update to the current UK Data Protection Act. It impacts all organisations and determines how we manage data both online and offline.
... protect against data breaches, potential fines and reputational damage.
We are now all reliant on data for almost every transaction that we do, whether on PCs, laptops or mobile devices. We rely on technology to make our lives easier, with saved passwords on our devices or easy-click links to save us time searching.
New technologies like Alexa performing activities via voice command, commercial devices such as CCTV which can record our every movement, or biometric fingerprint entry to offices – the list continues. In each and every case, this new world is dependent on technology which itself is heavily dependent on data. Our data, be it financial, sensitive or behavioural.
Data is very attractive to cyber criminals, who can use it typically for financial gain (e.g. credit card data, impersonation etc.), but also for stealing company secrets (blueprints, customer lists etc.).
Ransomware and cyber-crime are escalating at extraordinary rates, as the ‘WannaCry’ attack on the NHS demonstrated and, more recently, the attack on British Airways.
Data is now the new gold. Organisations need to rethink how it is sourced and how it can be legitimately used and protected. For organisations, this presents both risk and opportunity. You are the custodians of this data. Lose it and reputation can quickly be lost. Protect it, and you can differentiate yourself from competitors.
Risk Evolves have a range of services to help you assess, protect and manage your data and the starting point is the GDPR Discovery Review.
What you get from the Risk Evolves GDPR Discovery Review
GDPR Summary: An overview of the GDPR – an interactive session that provides you with a summary of the Regulations pertinent to your organisation.
Personal Data Obligations: Inform and advise your staff who process personal data of their obligations as per the Regulation and other EU or local data protection provisions.
Compliance Review & Report: A review of your current compliance with the Regulation. This will involve conversations with your employees to obtain answers to a series of questions. A report and associated action plan will be provided on your compliance status.
GDPR Discovery Review Deliverables:
The output from the GDPR Discovery Review will be a report that shows the high-level compliance against the legislation and any associated recommendations / actions. The report will cover the following:
- Key Areas:
  - Accountability & Governance
  - Processes and Procedures
  - Third Party Management
  - Information Security
  - Incident Management
- Recommendations to resolve
- Anticipated timescales
- Resource recommendations
- Other observations (e.g. skills requirements, 3rd party involvement etc.).
We recommend a risk-based approach to the prioritisation, i.e. the areas where there may be least compliance with the regulations and which could have the greatest impact on the organisation (in terms of potential fines, reputation etc.) should be prioritised as key projects within the overall programme.
Our proposed approach will provide you with the ability to proactively demonstrate to all interested parties (including the Regulator) that you are treating data as a critical asset within the organisation.