Fully applicable across the EU in May 2018, the General Data Protection Regulation is the most comprehensive and progressive piece of data protection legislation in the world, updated to deal with the implications of the digital age.
Online GDPR Compliance Service
The online GDPR service is a data protection management solution designed to help you understand how to comply with the GDPR. IMPORTANT: No matter how efficient your business's existing data protection program may be under previous directives, you should not assume that it will be sufficient to demonstrate compliance after May 2018.
- GDPR guidance – Understand what your organisation needs to become compliant with the GDPR.
- Compliance assessment – Create your business profile and generate a customised data protection program.
- Data Protection Officer – Do you need a Data Protection Officer? Provide them with tools to implement and oversee ongoing compliance.
- Governance – Customised data protection policies and contracts for your clients.
- Employees – Provide training and awareness programs for your staff.
- Compliance – Manage compliance for all areas of data protection.
- Data sharing – Define what processors can do with the personal data you share with them.
- Subject access management – Honour requests for information access, rectification, erasure and portability.
- Processors – Protect the personal data you outsource e.g. a payroll service company.
- Data breach management – Manage responses and report personal data breaches to the appropriate authorities.
By enquiring you will also receive a complimentary copy of the 88-page EU regulation 2016/679 document along with a list of definitions used in the document.
When you sign up for the service, it automatically creates a user for the Owner/CEO (the Controller) and the Data Protection Officer (if you appoint one). You may add further users as ‘Administrator’ (all access), ‘Compliance User’ or ‘HR User’ (selected access). New users will receive an email with a link through which they set their password.
The service provides the ‘Controller’ (the person or body who determines the purposes and means of the processing of Personal Data) with a section summarising their responsibilities, so that they can familiarise themselves with GDPR requirements before embarking on a data protection program. It also gives them an opportunity to understand how the service’s functionality supports the Controller in delivering and maintaining the program.
GDPR Requirements Information Summary Topics
- Controller’s Accountability
- Requirements Summary
- Records of Processing
- Data Protection by Design
- Data Protection Impact Assessment
- Prior Consultation
Prior to stepping through the data protection program, the online service takes you through an online “Business Interview” based on questions about whether your organisation:
- outsources the processing of personal data
- shares personal data with third parties
- is likely to transfer personal data outside the EU
- is a franchisee
- is a franchisor
- is a holding company with subsidiaries
- is a subsidiary of a holding company
- collects personal data of children
- uses Automated Decision Making
You will then proceed to mapping your business data across:
- Data Subject Types (the individual to whom personal data belongs) e.g. Customers, Suppliers, Employees, Consultants
- Data Types (standard and sensitive) e.g. Name and Identification, Email, Social Networks, Employment History, Location Information, Telephone contact details. Sensitive data examples include Health, Political Opinions, Racial or Ethnic Origin, Religious or Philosophical beliefs, Sex life or Sexual orientation, Trade Union membership
- Collections Sources e.g. Blogs Or Forums, Electronic Forms, Email, Employment & Recruitment Agencies, SMS, Social media, Telephone
- Processing Purpose/Retention Period e.g. Communicate by email, sms or telephone, Follow up on complaints or compliments, Manage recruitment and employment, Perform administration & marketing, Provide products and services
- Processing Location (indicating whether outside EU) e.g. Email marketing service, Employee laptops, File and print servers, Marketing automation service, Payroll service provider, SaaS provider
Depending on your responses, you will then have the option to subscribe to the recommended package which will provide you with the relevant set of features and processes to make your business GDPR compliant. Packages start at 90.00 GBP / month for the self-service option.
Enquire today for further information and receive a complimentary copy of the 88-page EU regulation 2016/679 document along with a list of definitions used in the document.