If your GDPR programme has slowed down since the deadline, do get in touch.
We take a pragmatic approach, helping our clients assess where they’ve got to, and what needs to happen next.
Our assessment covers all three elements – technology, processes and supplier contracts.
We generate a GDPR compliance document that becomes the central work-in-progress document.
Our approach includes the mandatory information risk register, mapping the key data flows, and documenting interactions within the business and with third party suppliers.
We look at how data is stored, both on premise and offsite with suppliers, plus who has access. (This impacts risk, and the ability for organisations to comply with requests from data subjects who wish to be forgotten.)
We take a logical, audit based approach to generating a data inventory, how data is brought into the organisation, processed and controlled, to give our clients the reassurance they require.
Our clients have also turned to us to create new documentation:-
- new privacy policies
- new terms for customer facing contracts
- to make changes to NDA’s
Finally an area sometimes overlooked by GDPR programmes – who is agreeing contracts updates with all your IT suppliers, to ensure their contract with you meets the new regulations? This translates into a batch review of the nominated key contracts, and a series of supplier negotiations, to get final updates agreed.