We take a pragmatic approach, helping our clients assess what changes their businesses need to be compliant.
Our assessment covers all three elements – technology, processes and supplier contracts.
We generate a GDPR compliance document that becomes the central work-in-progress document.
This record all the steps taken to ensure compliance, and to aid the ongoing actions required.
It includes a data register and data flow charts, documenting interactions within the business and with third party suppliers and partners.
We look at how data is stored, both on premise and offsite with suppliers, plus who has access. (This impacts risk, and the ability for organisations to comply with requests from data subjects who wish to be forgotten.)
We take a logical, audit based approach to generating a data inventory, how data is brought into the organisation, processed and controlled, to give our clients the reassurance they require.
Our clients have also turned to us to create new documentation:-
- new privacy policies
- new terms for customer facing contracts
- to make changes to NDA’s
Finally an area sometimes overlooked by GDPR programmes – who is agreeing contracts updates with all your IT suppliers, to ensure their contract with you meets the new regulations? This translates into a batch review of the nominated key contracts, and a series of supplier negotiations, to get final updates agreed.
If your GDPR programme has slowed down since the deadline, do get in touch.