GDPR Healthcheck


GDPR is now live and everyone should be compliant. In reality, the majority of UK businesses have yet to implement a full and compliant process. Compliance with GDPR is mandatory, the cost of fines and legal action is heavy, and the reputational damage following breaches is high. However, GDPR can present great opportunities for organisations to understand what data they hold and where it is held, to review and improve security, and to enhance their client experience and trust. The Health Check is part of our GDPR Integrated Technology and Solutions (“GDPR-ITS”), which offers end-to-end support for your GDPR requirements. GDPR-ITS includes C-Hub, our web-based GDPR portal, which provides the framework and key steps required to implement GDPR from any gaps identified in the Health Check. See overleaf for a step-by-step guide through this process, and how we can help you.

www.3ldc.com

+44 (0)20 7129 1270

gdpr-its@3ldc.com


Twelve Points To Support GDPR Health Check

1. Governance
• Accountability
• Structure
• Oversight

2. Regulation Assessment
• Highlight regulatory change
• Analysis of impacts to your business

3. PII Audit
• Identify PII data
• Risk assessment of PII data held

4. Policies & Procedures
• Policies required (IT, HR, etc)
• Supporting procedures

5. Privacy Policy
• Adequacy of policy in place
• Updating & maintaining policy
• Communication & opting in/out

6. Consent Management
• How to gain consent
• New products & services

7. Individual Rights
• Portability
• To be forgotten
• Amendment
• Erasure

8. Breach Management
• Identification, impact assessment & mitigation
• Escalation & reporting
• Lessons learned
• Ongoing monitoring

9. Info Security
• People
• Systems
• Process

10. Training & Awareness
• Awareness training
• SME training
• Exec/Senior management training
• Partners & outsourced services

11. Change Management
• DP Impact Assessments
• New processes & systems
• New suppliers/data processors
• New management & staff

12. Data Processors & Sharing Data
• Legal contracts
• Monitoring & assurance

Your Solution

If you require further support, 3LDC’s specialist advisory team has created GDPR Integrated Technology and Solutions (“GDPR-ITS”), which offers end-to-end support for your GDPR requirements. GDPR-ITS draws together a partnership of experts to provide a suite of the key components, encompassing consulting, technology and legal, to systematically guide and support you through a successful GDPR programme. This service encompasses key areas including the Health Check, the 3LDC GDPR C-Hub, policies and procedures, data interrogation, data protection (encryption of mails and folders), IT security enhancement recommendations, legal advice and insurance, all provided in an integrated manner by 3LDC and our partner firms.

For advice or guidance on GDPR-ITS, please contact Nigel Tuppen or Nick Murphy, GDPR Integrated Technology and Solutions, by email: gdpr-its@3ldc.com

3 Lines of Defence Consulting Limited, 67 Grosvenor Street, Mayfair, London, W1K 3JN
