A review of your organisation's current position regarding the GDPR, including a report and options for remediation (optionally identifying areas of specific non-compliance)
What is the GDPR Health Check?
Our Health Check provides organisations with an independent view of their GDPR efforts to date and is useful for organisations:
(a) who are starting their compliance journey and
(b) for those wishing to undertake due diligence on their current GDPR position.
What does the GDPR require?
The GDPR replaced the previous data protection legislation across the EU. It was adopted in 2016 and became directly applicable on 25 May 2018; in the UK it is supplemented by the Data Protection Act 2018, which applies the derogations the Regulation permits.
For those starting their GDPR journey, the Health Check provides a strategic, prioritised plan that addresses the major challenges facing your business.
For organisations that have already started their GDPR compliance journey, the due diligence identifies areas of specific non-compliance and sets out the remediation options available. Our due diligence is free of charge if we identify four or fewer specific breaches of the GDPR (think of it as the equivalent of a 'legal pen test').
Why do a Health Check?
You need to understand how the GDPR affects your organisation, including what preparations are necessary to comply with your obligations under it.
The GDPR's accountability principle means your organisation must not only comply but be able to demonstrate that it complies.
Health Check outcomes
The Health Check provides you with a summary of the GDPR as it applies to your organisation (including a view of the UK Data Protection Act 2018 for UK-based companies), a view of your current data and processing based on a structured interview, a prioritised set of next steps cross-referenced to the GDPR, and a high-level milestone plan. It also indicates the effort and timescales required for each action and how we can support you in achieving them.
The action plan covers areas including:
- Embedding best practice in privacy planning and strategy across your organisation
- Updating your privacy notices (websites, email, cookies) to meet GDPR requirements
- Whose personal data you process, including special category data such as health data, and children's data
- Documenting the legal basis for processing personal data
- Handling data subject requests to access, delete, amend or transfer personal data
- Whether you are required to appoint a statutory Data Protection Officer (DPO) or can rely on a lead privacy professional
- The software you use for email, address books, CRM, payroll, etc.
- Where you store and access personal data, e.g. in-house, hosted or in the cloud
- The relevance of Brexit to your obligations.