A review of your organisation’s current position regarding GDPR which includes a report and options for remediation (optionally with areas of specific non-compliance)
What is the GDPR Healthcheck?
Our healthcheck provides organisations with an independent view of their GDPR efforts to date and is useful for organisations:
(a) who are starting their compliance journey and
(b) for those wishing to undertake due diligence on their current GDPR position.
What does the GDPR require?
The GDPR supersedes virtually all current data protection legislation in the EU. It was first enacted into UK law in 2016 and has now been re-enacted, with derogations, in the UK Data Protection Act (2018).
For those starting their GDPR journey, the healthcheck provides a strategic, prioritised plan designed to address the major challenges for your business.
For those organisations who have already started their GDPR compliance journey, the due diligence identifies areas of specific non-compliance and provides specific suggestions on the remediation options available. Our due diligence is free of charge if we identify 4 or fewer specific breaches of the GDPR (this is the equivalent of a ‘legal pen test’).
Why do a Healthcheck?
You need to understand how GDPR will impact your organisation, including what preparations are necessary to comply with your GDPR obligations.
Your organisation must satisfy the legal requirement to demonstrate that it complies with the GDPR.
The Readiness Review provides you with a summary of GDPR as it applies to your organisation (including a view of the proposed UK Data Protection Bill for UK-based companies), a view of your current data and processing based on the interview and a prioritised set of next steps (cross-referenced to GDPR) and a high-level milestone plan. It also provides an indication of the effort and timescales required for each action and how we can support you in achieving these.
The action plan covers areas including:
- Embedding best practice regarding privacy planning and strategy in your organisation
- Updating your privacy notices on websites, email and cookies to adhere to GDPR
- Whose personal data you process, including special categories such as health data and children's data
- Documenting the legal basis for processing personal data
- Processing requests to access, delete, amend or transfer personal data
- Whether you need a statutory Data Protection Officer (DPO) or just a lead privacy professional
- Software you use for email, address books, CRM, payroll etc.
- Where you store and access personal data, e.g. in-house, hosted or Cloud
- Relevance of Brexit.