This is the most significant development in data protection that Europe, possibly the world, has seen over the past twenty years. GDPR is designed to better take into account modern technologies, the way we work with them today and how we are likely to work with them in the future. In addition, there is a much greater emphasis on compliance following a widely held belief that business had not taken data privacy seriously enough previously. As a consequence, penalties are considerably harsher and the compliance requirements are intended to spread a far wider net to include small and medium businesses.
How do Black Penny help you get ready?
Using the most comprehensive methodology and framework available, Black Penny are able to offer a range of engagements to get your business ready for GDPR. The Framework and methodology cover all articles within the legislation and give your business the assurance that it is ready!
The engagements range from a 4-step gap analysis for your business, or the same for Service Providers, to a full GDPR Essentials Compliance Framework:
We provide an overview of the key components of GDPR and how it affects your customers.
The workshop stage consists of a combination of interactive workshops, designed to generate a high level of understanding of the impending legislation and any changes to system, policy or process to achieve GDPR compliance.
Audit Dry Run
We take you through the multi-point audit process, explaining what is required for a successful audit.
Audit & Report
We visit your premises and conduct the multi-point audit under the lead of your Compliance Team/Data Manager. Following successful completion, we provide a documented report, certificate and use of the GDPRReady logo.
The ‘Educate’ stage consists of a combination of interactive workshops and stakeholder GDPR overviews, designed to generate a high level of understanding of the impending legislation and any changes to system, policy or process to achieve GDPR compliance.
The ‘Discover’ stage uses the Data Protection Impact Assessment (as recommended by the Information Commissioner's Office) to discover any risk or exposure the firm may currently have. This stage then works through a series of pre-defined templates to ascertain data flows, risk registration and data that is not searchable (‘Dark Data’).
Using the GDPR Essentials Task Assignment Schedule, Black Penny will document actions needed to prepare for and maintain GDPR compliance. This includes understanding the budget required and the systems and processes that require modification. This will use the strategic direction of your business to draw a continued view for compliance into the future.
Preparation will be completed for new obligations as part of the GDPR such as Breach Response and DSAR Processing. We will assist in the review of existing InfoSec policies and procedures to ensure they align with GDPR.
We include a comprehensive audit checklist to assist your preparations for an ICO data protection audit.