Did you know the General Data Protection Regulation is already UK law?
Enforcement will apply from 25th May 2018 and will have a wide-ranging impact on all companies processing personally identifiable information (PII), including fines for breaching the regulations.
Through our portfolio of training and discovery services, we can help you identify the PII in your organisation, and the flow of data.
Our team can help you define the processes needed to comply with the new legislation and identify the technology that can assist.
Gain a comprehensive understanding of the proposed changes to data protection legislation and what the implications are for your organisation.
Understand where data comes into your organisation, how it is processed, where it resides and who you share it with by conducting a personal data flow analysis.
Following the data flow exercise, our practitioners will assess the processes, practices and safeguards you have in place to manage PII and ensure you are compliant with the GDPR.
We have produced this white paper to assess the impact of the General Data Protection Regulation, primarily from an IT perspective - examining the role that IT can, will and has to play in the implementation of the new requirements.
The principles of the GDPR are similar to the DPA, with several key enhancements and additional obligations which will impact every organisation. Understanding what PII exists as well as how it is stored, processed and protected is essential to remaining compliant and to ensure that the rights of the individual are protected.
Protecting personally identifiable information is essential in order to comply with the GDPR. Organisations will be required to implement both technical and governance measures in order to address the risks posed. This will mean ensuring the ongoing confidentiality, integrity and availability of your data processing systems.
Businesses will be required to make it easy for individuals to exercise the right of access to their information, the right to object to direct marketing and profiling, and to move their data between suppliers. The GDPR recommends that individuals are provided with remote access to a secure self-service system, granting access to their data.
A personal data breach refers to a breakdown in security leading to the destruction, loss, alteration or unauthorised disclosure of, or access to, personal data. The consequence of a breach is more than just the loss of personal data. Once discovered, it must be reported within 72 hours and, if considered high risk, the individuals must be notified.