Take steps to protect your customers’ data
Personal data is information relating to an identifiable living individual. Whenever personal data is processed, collected, recorded, stored or disposed of it must be done within the terms of the General Data Protection Regulation (GDPR).
The GDPR gives rights to your customers and stakeholders and obligations for data controllers and processors. Your customers and stakeholders must be allowed to rectify, erase or move their personal information from your systems. Data controllers need to establish a lawful basis for processing your information, may need to appoint a Data Protection Officer (DPO), impose restrictions on international transfer of your data and install systems for reporting data breach.
We have a thorough understanding of the GDPR and can help you adhere to the requirements. We also offer a virtual DPO service for those companies who require one.
Policies and Procedures
The starting point for effective data protection is a detailed Data Protection Policy. This should then be backed up with more detailed procedures for specific topics. If you are creating policies for the first time, we have templates which will speed up the process and ensure you are covering all the required areas. We can work with you to tailor these templates to your company.
If you have existing policies which are due for review (in particular checking for changes required by the introduction of the GDPR on 25 May 2018), we can help you identify areas that need to be updated and incorporate current best practices.
Before you can prepare a Data Protection policy, you need to understand what personal data you hold. We have experience of running Data Audits to identify personal data together with meta data required by the GDPR such as:
- lawful purpose for processing
- data ownership
- data sharing.
Virtual Data Protection Officer (DPO)
For organisations which need or want to appoint a DPO but don’t have available resources for the role in-house, we offer a virtual DPO service. Our service gives you a named individual who will get to know your business and then act as your DPO, providing on-going guidance to your data protection efforts.