Taking care of GDPR compliance
The principle of accountability in the new Regulation requires organisations to demonstrate that they comply with the principles and states explicitly that this is their responsibility.
The Information Commissioner’s Office says on its website that organisations must:
- Implement appropriate technical and organisational measures that ensure and demonstrate that they comply. This may include internal data protection policies such as staff training, internal audits of processing activities, and reviews of internal HR policies.
- Maintain accurate, up-to-date, relevant documentation on processing activities.
What we deliver
An accountability framework comprising:
- A top-level control document to record progress towards compliance, detailing roles and responsibilities, key data protection policies and procedures relevant to operations and training
- A list of datasets covering operations and support functions such as finance and HR. We take managers through the process of identifying datasets with personal data in their control, then build a picture of the compliance of each dataset with both GDPR and existing data protection law
- A checklist of current compliance weaknesses based on the 1998 Act, and
- A road map of activities and timing for compliance with GDPR