
Data Protection Legislation
This is the most significant development in data protection that Europe, possibly the world, has seen over the past twenty years. The GDPR and, by default, the Data Protection Act 2018 (Data Protection Legislation) are designed to better take into account modern technologies, the way we work with them today and how we are likely to work with them in the future. In addition, there is a much greater emphasis on accountability, following a widely held belief that business had not previously taken data protection seriously enough. As a consequence, penalties are considerably harsher and the compliance requirements are intended to spread a far wider net to include small and medium businesses.
The consequence of Brexit is that the UK will fully detach from the EU and the direct application of the GDPR. However, it is expected that the DPA 2018 will be adapted to embrace the new arrangement with the EU and be known as ‘the UK GDPR’.
How do Black Penny help you get ready?
As with every engagement that Black Penny Consulting complete, it starts with the organisation. By firmly understanding the structure, operating model and mission of the organisation, we can deliver advisory services that are tailored and appropriate.
Black Penny have developed a Data Protection Alignment Framework which assesses an organisation against a best practice operating model with regard to data management. This framework has been developed to address the 4 core pillars that underpin Data Protection legislation, across ‘People’, ‘Process’, ‘Technology’ and ‘Policy’.
People
People are the most important component of a successful data protection regime. Black Penny focus on developing a network of key roles within your organisation, such as the Data Protection Officer, Data Protection Champions and an overarching Governance Group. These roles are established early, assisted by training to increase Staff Awareness.
Process
Data protection legislation centres around an organisation's Data Processing Activities and how it demonstrates its accountability for this data. Black Penny will work with you to capture and document how personal data flows throughout your organisation. In addition, Black Penny will embed the mandatory processes for Subject Rights Requests, Data Breach Response and Data Privacy Impact Assessments.
Technology
The evolution of data protection legislation has been in line with emerging technology. All organisations make use of a vast array of technology to help them operate efficiently. With a deep-rooted understanding of this space, Black Penny will work with you to capture the Data Systems in use, assess them using the DPIA and consult on their security provisions.
Policy
A key principle of data protection legislation is the concept of Transparency. All organisations are required to be transparent about what personal data they process and how they do this. Black Penny will use the detail gathered as part of the Process pillar to develop appropriate Privacy and Retention Policies. This will also include capturing any Third Party Providers in use within the organisation and reviewing the contracts that bind them to you.
