Achieving compliance with the impending GDPR, the new EU data privacy law – which comes into effect on 25th May, 2018 – should be viewed more as an ongoing process rather than a one-off activity.
Once it comes into law, the new data protection regulation will afford individuals greater control over their personal data. Furthermore, the new regulation will impose new, more stringent obligations on organisations that collect, handle or analyse personal data.
With ten chapters, ninety-nine articles and one hundred and sixty requirements, the EU GDPR is no simple law, and here at CG Business Consulting we acknowledge that implementing the right processes and organisational changes to secure compliance will not be an easy task. Which is why we’ve stepped into the GDPR breach. We want to help our clients overcome as many of the initial challenges as possible, so we’ve pulled together a step-by-step guide, or ‘how-to’, to help you get organised.
We hope you’ll find this short but detailed implementation guide useful. It aims to provide a reliable methodology for both creating and executing an internal GDPR compliance programme. By using the PDCA approach familiar to clients already ISO certified, we’ll walk you through the steps necessary to achieve compliance.
Our guide explains how and when to create a DPIA – Data Protection Impact Assessment – in addition to taking you through which approval processes should be put in place, which governance model should be applied, and what the role of a DPO – Data Protection Officer – is in the context of the EU GDPR.
For further information about how CG Business Consulting can help your organisation to successfully address the requirements of GDPR compliance preparation, contact us on 01 – 620 4121 or drop over to our website, https://www.cgbusinessconsulting.com/
PLAN, DO, CHECK, ACT
PLAN – ACTIVITIES
- Appoint a Data Protection Officer
- Define the organisational structure for conducting the GDPR programme
- Estimate the scope of the programme for personal data processing ops
- Define the models, tooling, definitions etc. necessary to conduct the programme
- Define a framework for data protection impact assessment
- Map the processing ops of personal data
- Conduct a preliminary study of levels of risk
- Manage those found to be high-risk
Identify the personal data stored, where it is held and apportion value (levels of risk).
DO – ACTIVITIES
- Control the manner in which personal data is both used and accessed
- Classify personal data
- Improve the security of personal data and of the processing performed on it
- Implement a process for notification of data breaches
- Encourage engagement and improve internal awareness and collaboration
Control access to and usage of personal data. Implement security controls. Maintain required documentation (for data requests/breaches).
CHECK – ACTIVITIES
- Monitor high-risk data processing
- Check the route to GDPR compliance
- Maintain required documentation (for data requests/breaches)
Monitor and manage. Maintain the prerequisite documentation needed to handle both data requests and data breaches.
DISCOVER, MANAGE, PROTECT, REPORT
For more information on GDPR or to talk to one of our expert consultants contact CG Business Consulting on 01-620 4121 for a free consultation.