What is GDPR?
The General Data Protection Regulation (GDPR) is a new regulation put forward by the EU. This regulation will replace the 1998 Data Protection Act (DPA), in order to bring legislation into line with the current ways personal data is being used. Furthermore, it will emphasise the importance of data subjects’ consent and the transparency in data collection and usage.
The new regulation comes into force on the 25th May, by which time all businesses must be fully compliant. Failure to be compliant can result in various sanctions from the ICO. These sanctions include fines of up to €20,000,000 or 4% of global turnover.
At IntoZetta, our team of experts are ready to ensure that you and your business are fully prepared and compliant with GDPR before the May 25th deadline. Our service is completely customizable and ranges from an advisory role, if you simply need advice from our subject matter experts in order to understand GDPR further and where your business may need to make some alterations, to a complete end-to-end compliance management service.
Our clearly defined options are available as a full suite or through individual implementation as required, and include the following:
The first step in ensuring full compliance with GDPR is to conduct an audit of the data that your organisation currently stores and processes. Once we have completed a deep dive to uncover personal, sensitive and high-risk data, we will produce compliance decisions and the input for a risk assessment and GDPR compliance review.
We will produce a tailored GDPR requirements review based upon the data currently stored, processed and managed by your organisation. We will recommend the most appropriate vendor or internal solution and project accelerator toolkit, as well as define the privacy enterprise architecture and technical solution to create a privacy by design data environment in order to ensure current and future GDPR compliance.
RISK ASSESSMENT & POLICIES
We will conduct the project management of the recommended technical and organisational solutions. We will supply outsourced managed services for information requests and provide an end-to-end framework for delivery of GDPR compliance, as well as more efficient data management and control.
We will produce an organisational solution in order to deliver full GDPR compliance, as well as embed privacy by design in the organisation, which will ensure compliance and better data management for the future of your organisation. Furthermore, we will make changes to accommodate privacy best practices within the business.
If required, we can provide subject matter experts to advise on a best-practice approach, as well as interim Data Protection Officers for your organisation. We will also conduct privacy governance oversight to ensure GDPR compliance and a transparent, fit-for-purpose data environment.