The General Data Protection Regulation (GDPR) comes into force from 25 May 2018. It covers how organisations handle people’s personal data. If your organisation holds the personal data of EU citizens you’re liable. You must ensure compliance or face severe fines of up to €20m or 4% of annual turnover and potentially serious reputational damage.
The GDPR covers how organisations collect, store and use ‘personally identifiable information’. It aims to give individuals greater control over how their personal data is collected, held and used, and by whom. The regulation revolves around citizens’ consent. In broad terms it asks organisations to:
- Lawfully, fairly and transparently process personal data
- Collect it for a specific, explicit and legitimate purpose
- Only collect the data that’s necessary to that purpose
- Take steps to ensure data is accurate and kept up to date
- Keep data in such a way that it can be identified and kept for no longer than necessary
- Use appropriate technical or organisational measures to ensure the data’s security
- Be able to demonstrate compliance with the principles of the GDPR
How can we help?
We can provide a Gap Analysis or Verification Statement.
A Gap Analysis will give you an assessment of your current compliance with GDPR. Following an onsite visit you will receive a report to help you identify and prioritise areas that need to be addressed before the 25th of May.
A Verification Statement provides assurance that your organisation has the capability and commitment to comply with the requirements specified in the General Data Protection Regulation (EU) 2016/679. The statement verifies your organisation has:
- Appropriate records of its processing activities
- Appropriate measures in place to handle the rights of the data subjects
- Appropriate technical measures in place, either directly or indirectly through sub-processors
- Adequate data policies concerning the processing of personal information
Why is a Verification Statement good for my business?
A Verification Statement will help your organisation:
- Avoid the significant financial penalties of non-compliance
- Avoid the significant reputational impact of non-compliance
- Minimise the cost and disruption of compliance
- Demonstrate your commitment to data protection to all your stakeholders, reinforcing customer trust and confidence in your organisation.