Compliance & Regulation Consultancy

Core to our Compliance & Regulation offering in helping our clients with the GDPR is our Policy & Procedure review and update service. 

Following on from the initial data mapping exercise our consultant will look to review and update the policies & procedures required for compliance:

• Undertake a review of current data protection policies in place.
• Update your data protection policy in accordance with the requirements of GDPR, setting out your lawful processing criteria, consent management, subject access requests, data security breaches, retention of records etc.
• Prepare Privacy Policy for website, privacy statements for employees, update application form online, and add email signature disclaimers.
• Review current security and IT practices & procedures.
• Identify and implement measure to satisfy privacy by design.

Deliverables

An initial set of policies to ensure compliance with regulation.

• Data Protection and Record Retention & Destruction Policy
• IT Usage Policy & IT updates
• Employee privacy notice
• Privacy policy for website

To ensure GDPR compliance, companies must understand how and where vendors and processors manage client/customer personal data.

Our offering:

• Identify third party vendors and processors and compile a master list.
• Conduct an audit of vendors and processors and determine what measures they have in place to satisfy privacy by design.
• Review existing vendor and processors contracts for GDPR compliance.
• Assess and manage risks posed by vendors and processors.
• Draft data processing agreements (DPA) and necessary addendums for vendors and processors to sign.

Deliverables:

• Supplier GDPR Readiness Questionnaire
• Master list of vendors/processors
• Risk register
• Signed DPAs with vendors and processors
• Service Agreements amended in line with GDPR