GDPR Audit & Assessment
The General Data Protection Regulation (GDPR) came into effect on 25 May 2018 and replaces most of the provisions of the UK’s Data Protection Act 1998 (which became the DPA 2018) and other local data protection laws and directives across the European Union. It introduced new procedures and tougher rules on how personal information must be handled and protected.
GDPR is clear and concise, but non-compliance carries more substantial financial penalties and more significant reputational harm than ever before.
Working with decision makers and key management to assist in implementing GDPR audit measures, we will help audit your organisation’s readiness and resiliency by testing systems, processes and infrastructure for security soundness.
How we can help
- Conduct information audits across the organisation to review, identify and assess the data being held
- Conduct specific Data Flow assessments providing Gap Analysis to identify control weakness, strengths and areas for development
- Work with the organisation to design and implement appropriate technical and internal measures to ensure Data Protection is designed into all processes
- Work with the organisation to design a Data Privacy Impact Analysis framework linking to pre-existing risk management and project management processes
- Review the processing of data, identify and document the lawful basis for the processing activities, including clear and concise consent mechanisms
- Review the GDPR risks on the organisation’s Risk Register and create the critical list of control weaknesses versus actions required by the GDPR legislation
- Complete a review of, and/or develop, the framework of policies and procedures needed to ensure GDPR audit compliance and provide a plan for Data Protection or Privacy by Design documentation
- Monitor compliance with data protection policies, regularly review the effectiveness of handling/processing personal data, and update security controls
- Develop and provide a clear Road Map needed for regular review of security access and controls to ensure privacy and security of personal data, resulting in a documented Data Protection Impact Assessment framework
- Help the organisation develop a staff training and awareness program