General Data Protection Regulation

HOW WE CAN HELP

Gap analysis
 
Perform a gap analysis of your current system to indicate what must be done to comply with GDPR.

Document drafting

We can draft the necessary consent forms, policies, and procedures.

Data Protection Officer
 
Act as your organisation's Data Protection Officer (a new requirement under GDPR).

Requirements
 
Detailed advice on the requirements of GDPR and DPA 2018.

Implement ISO 27701 
 
ISO 27701 is a potential GDPR certification mechanism and would provide the necessary proof that your organisation handles the personal information of its customers in compliance with the law, including in the case of cross-border data flows.

Accountability and governance

You must be able to demonstrate compliance with the EU GDPR. This includes:

  • Establishing a governance structure with roles and responsibilities.

  • Keeping a detailed record of all data processing operations.

  • Documenting data protection policies and procedures. 

Privacy rights of individuals

Individuals’ rights are enhanced and extended in a number of important areas. Data subjects have:

  • The right to be informed;

  • The right of access;

  • The right to rectification;

  • The right to erasure;

  • The right to restrict processing;

  • The right to data portability;

  • The right to object; and

  • Rights in relation to automated decision-making and profiling.

Six data processing principles

The GDPR lists six data processing principles that data controllers must comply with. Personal data must be:

  • Processed lawfully, fairly and transparently.

  • Collected only for specific legitimate purposes.

  • Adequate, relevant and limited to what is necessary.

  • Accurate and, where necessary, kept up to date.

  • Stored only as long as is necessary.

  • Processed in a manner that ensures appropriate security.

Data Protection Officer (DPO)

The appointment of a DPO is mandatory for:

  • Public authorities;

  • Organisations involved in high-risk processing; and

  • Organisations processing special categories of data.

KEY GDPR CONCEPTS 
