ExistBI can help you meet GDPR requirements
ExistBI are helping organizations around the world understand the impact of GDPR and create project frameworks to guarantee compliance with these new regulations. This year the Data Protection Directive will be replaced by the European Parliament and Council’s General Data Protection Regulation (GDPR). This will be the primary law governing how businesses manage and protect EU citizens’ personal data. Companies have to comply with these new regulations by May 2018. For those who do not comply, there are significant fines. The Information Commissioner’s Office (ICO) has created a checklist to ensure your company complies with the new regulations. This checklist is an online calculator, one for data controllers and a separate one for data processors.
The recommended approach to managing this impact on your company is to raise awareness of the forthcoming changes and highlight potential compliance problem areas to the relevant people. An audit is the best way to review the personal data you hold: where it comes from, and how it is processed and stored. The GDPR has additional requirements related to your company’s Privacy Notice, the information provided when personal data is obtained. Similarly, you should review your consent procedures against the new GDPR standards. Assess your need to obtain individuals’ ages and subsequently their parental or guardian consent. The GDPR is focused on the protection of children using online services, especially those related to social networking. It sets the age of consent at 16 (although this can be lowered to 13 in the UK).

The GDPR has made Data Protection Impact Assessments (DPIAs) mandatory in cases where the data gathering process could potentially result in high risk. Once this information has been obtained, the GDPR has additional enhancements to previous regulations related to individuals’ rights, such as the right to rectification, the right to data portability etc. This is the time to review the procedures you currently have in place, should such a request occur. Evaluate your lawful basis for processing personal data, as under the new regulations some individuals’ rights may vary depending on this. Your lawful basis should be documented in your Privacy Notice and within any request for information; this will ensure you comply with GDPR accountability guidelines.

Review your policies for handling a data breach: the GDPR may require you to report it not only to the ICO but in some cases to the individual themselves. The changes required to adhere to the new legislation are not insignificant; designate a Data Protection Officer to ensure compliance.
How can we help you?
Our data strategy specialists detect the effect of the GDPR on your organization and customs, deliver and support digital data transformation programmes to reach compliance and enhance data privacy within your processes.
- GDPR readiness assessment
- Our data specialists will design and implement a sustainable privacy and data protection programme
- We partner with the leading GDPR solution providers such as Informatica, Collibra and Microsoft to understand the complexities of integrating the GDPR into your operational environments.
- Read more about our GDPR Consulting Services