- October 1, 2018
- Posted by: Ciara Murphy
- Category: Consulting, Data Protection
As you are aware, the introduction of the General Data Protection Regulation (GDPR) on May 25th is going to have a significant impact on all organisations that process or control an individual’s personal data. GDPR is not only more rigorous than the current regulations, but the fines that go along with it are much more onerous.
Coming from legal, IT, cyber security, financial and senior business backgrounds, our expert team comprises those with a unique mix of project management skills and a solid, in-depth knowledge of data protection and GDPR.
With our group’s 23+ years’ experience in Lean, we can tackle your GDPR challenges in a logical and systematic way. Most importantly, we can help with the ongoing management of your data protection needs through our automated systems and processes, ensuring your organisation remains compliant.
ReganStein’s GDPR Services
- GDPR Readiness Assessment (Gap Analysis)
  - Readiness assessment with report
  - Actionable steps
  - Completed questionnaire
  - Gap analysis
  - Risk analysis
- Data Mapping Exercise
  - Identify asset/process (usually identified in Readiness Assessment but refined at this step)
  - Document core details and attributes of the kind of data held, on whom, where it is stored, and where it is transferred
  - Identify what technical and security measures are in place
  - Identify and document any risks found throughout the process. The probability and severity of the risks will be identified, along with a remediation strategy
- Operational & IT Controls
  - We evaluate your current operational and IT controls
- Update Policy Documents and Privacy Notices
  - Any existing documents can be reviewed and updated to ensure compliance with GDPR principles.
- Data Protection Impact Assessments (DPIA)
DPIAs are used to identify and mitigate against any data protection related risks that may arise from a new project, procedure or activity. Our team will provide your DPO with a self-assessment tool to help them identify if a DPIA is required or not. If it is determined that a DPIA is necessary, the tool will provide them with a data mapping and risk management exercise to complete.
- GDPR Staff Awareness and Training – 1 day in-company training programme
  - Identify Key Changes
  - Understanding Individual’s Rights
  - Legal Basis for Processing
  - Conducting a Data Audit
  - Creating a Data Protection Compliance Plan
  - Raising Staff Awareness
  - Awareness of Liabilities and Penalties
- Ongoing management of your data protection needs
ReganStein has access to several GRC platforms, some home-grown and others that have an international perspective. We have recently signed a channel partner agreement with one of these providers. Their GRC software was created in conjunction with data protection and legal experts to ensure optimum support. It simplifies and streamlines the ongoing task of managing GDPR compliance.
To discuss how ReganStein can assist you with your GDPR requirements, contact Ciara Murphy.