EU GDPR Readiness Assessment
With the date for compliance with EU GDPR fast approaching, it is important that organisations of all sizes take action now to ensure compliance can be met.
Many companies are likely to find meeting the requirements of the EU GDPR a challenge. Not because they are substantially more onerous than the 1995 Directive, but because many organisations are behind what the 1995 Directive envisaged they should already be doing.
There is significant emphasis in the EU GDPR on ensuring that consent to hold and use data is willingly given by the data subject, and that if they change their mind later, their data can be erased or transferred to wherever they then want it to be. It can therefore be difficult to understand where to start to achieve compliance.
Our EU GDPR Readiness Assessment provides your business with a review of current practices against the obligations of the EU GDPR, and provides the basis on which your business can plan to achieve compliance.
The results of the assessment can be used to form the basis of a remedial plan, with an assessment of risk if completion by 2018 cannot be achieved.
Our EU GDPR Readiness Assessment takes a holistic look at your business, and works with you to understand the types of personal data which your business handles.
A detailed plan enables your organisation to get started on the work needed to be compliant. The sooner this is started, the lower the likelihood of disruption and excessive costs.
Fast Track Your Compliance with the EU GDPR
Request a free EU GDPR Compliance Consultation
Our consultants begin by holding an EU GDPR Discovery workshop with your business, articulating the obligations of the EU GDPR and gaining a shared understanding of the personal data currently held by your business and the use of this data for business purposes.
With the key areas and contacts identified, we then perform a comprehensive review of your existing compliance against the EU GDPR. This involves a structured questioning technique that addresses the requirements in the EU GDPR, and a review of existing documentation to ascertain the inclusion of principles such as ‘privacy-by-design’.
Following this review, we then present back our findings in a clear business-level executive report highlighting the current compliance level, short-term recommendations, and a full high-level strategic roadmap for your business to achieve full compliance with the EU GDPR.
- Provides an accurate snapshot of organisational readiness to comply with EU GDPR
- Outlines key risks of non-compliance if completion by 2018 cannot be achieved
- Highlights current risks and necessary steps in executive-level terms
- Provides a clear high-level plan and road-map for achieving full compliance
- Identifies areas requiring immediate attention, and cost-effective remediation solutions, in prioritised terms
- Supports business case definition and EU GDPR remediation planning
Step 1: Pre-Assessment Phase (Off-Site)
- Meeting with key staff members
- Walk-through of engagement activities, and agree roles
- Confirm on-site requirements have been provided
- Review existing Data Protection Policy (if available)
- Review existing Information Security Policy Documents (if available)
- Provide workshop questions to support information gathering in advance of the on-site workshop and Gap Analysis
Step 2: Discovery (On-Site Workshop)
- Hold scoping workshop with IT Development, Data Protection and Information Security represented at decision-maker level
- Walkthrough of existing Data Protection Policy
- Assess and understand current organisational culture and current Data Protection policy
- Discuss extent of current personal data holding knowledge and usage for business purposes
- Review Existing Information Security Management System in respect to GDPR requirements
- Identify contacts for more accurate information on data holding and change process (as needed)
Step 3: Gap Analysis (On-Site)
- Completion of detailed EU GDPR Questionnaire led by EU GDPR Consultant
- Record statement of gaps between current practice and requirements to meet EU GDPR compliance
Step 4: Reporting Phase (Off-Site)
- Creation of the EU GDPR Executive Summary Report
- Definition of work to resolve gaps into logical projects, including objective, resources involved, complexity and high-level costs
Step 5: Debrief Phase (Off-Site)
- Walkthrough of gaps between current practice and requirements for EU GDPR compliance
- Presentation of plan for endorsement by the company executive
- Nominate Programme Senior Responsible Owner (SRO) and key roles
- Nominate Project Executives for individual projects (PRINCE2 method or client company preference)
- Total: Dependent on Scope
- Onsite: Dependent on Scope
- Remote: Dependent on Scope
- EU GDPR Readiness Assessment Workshop – a workshop with key stakeholders to ensure a clear understanding of obligations, current usage of personal data for business purposes and an overview of the approach
- EU GDPR Readiness Assessment Executive Report – a high-level summary of our research, including an overall statement of EU GDPR compliance, risk assessment, remediation activity, delivery timelines and resources
- EU GDPR Controls Assessment Matrix – Compliant, Partially Compliant or Non-Compliant status for each control
- EU GDPR High-Level Remediation Plan – a prioritised high-level plan outlining key milestones, timings and assigned resources required to achieve EU GDPR compliance
- EU GDPR Executive Remediation Roadmap – a prioritised high-level roadmap outlining the work streams and remediation activities required
Optional Related Services
- EU GDPR Data Discovery
- Data Classification
- ISO 27001 Consulting Services
- IAPP CIPP/E (GDPR) Training Course