The GDPR represents one of the greatest regulatory changes in how personal data is processed and stored.
The Intuity compliance consultancy team have designed a series of services that provide the insight and guidance needed to ensure ongoing observance of obligations.
With privacy-by-design at the core of all actions, our GDPR service includes:
- Data Mapping & gap analysis
- Policy & procedure, review & update
- Contract review & vendor management
- GDPR awareness training
In addition, we have a DPO-as-a-service offering to assist clients in delivering on their compliance and regulatory obligations going forward.
Policy & Procedure Review
Core to our Compliance & Regulation offering in helping our clients with the GDPR is our Policy & Procedure review and update service.
Following on from the initial data mapping exercise, our consultant will review and update the policies & procedures required for compliance:
- Undertake a review of current data protection policies in place.
- Update your data protection policy in accordance with the requirements of GDPR, setting out your lawful processing criteria, consent management, subject access requests, data security breaches, retention of records etc.
- Review current security and IT practices & procedures.
- Identify and implement measures to satisfy privacy by design.
An initial set of policies to ensure compliance with regulation.
- Data Protection and Record Retention & Destruction Policy
- IT Usage Policy & IT updates
- Employee privacy notice
Contract Review & Vendor Management
To ensure GDPR compliance, companies must understand how and where vendors and processors manage client/customer personal data.
- Identify third party vendors and processors and compile a master list.
- Conduct an audit of vendors and processors and determine what measures they have in place to satisfy privacy by design.
- Review existing vendor and processor contracts for GDPR compliance.
- Assess and manage risks posed by vendors and processors.
- Draft data processing agreements (DPA) and necessary addendums for vendors and processors to sign.
- Supplier GDPR Readiness Questionnaire
- Master list of vendors/processors
- Risk register
- Signed DPAs with vendors and processors
- Service Agreements amended in line with GDPR
GDPR Awareness Training
The Intuity GDPR Awareness Training will help guide your team on your business’ road towards compliance. We understand change can be difficult and we can assist you with the implementation of new practices and procedures. Our GDPR Training programme is designed to help the team with responsibilities for collecting and processing personal information.
Our half-day workshop is designed to equip your employees with the skills and knowledge they need to identify visible privacy risks and be GDPR aware.
Having conducted an analysis of your policies and procedures and identified key changes to satisfy privacy by design and default, we can then tailor our GDPR Awareness course to your specific business needs, including a Q&A session to address any of your staff’s concerns around GDPR compliance.
After successfully completing this workshop, staff will understand key GDPR obligations required of businesses today including:
- What is GDPR and what has changed since the 1995 Directive?
- Key Obligations Under GDPR
- Key Terms
- Personal Data
- Legal basis for Processing
- Data Processing Agreements
- Sharing Data
- Marketing & GDPR
- Privacy by Design
- Employee responsibilities
- Business Responsibilities
- Data Breach
You Can Choose...
Choose from a variety of training formats:
- Innovation House Workshop
- Live Webinar Workshop
- Onsite training for your team
One of the greatest demands of the GDPR is the requirement for some organisations to have a dedicated Data Protection Officer in place. Many businesses simply cannot afford this additional cost and our DPO as a Service offering provides the perfect solution for these businesses.
We offer the combined benefits of a shared Data Protection Officer and a virtual Data Protection Officer (v-DPO) so your organisation can reap the benefits of a DPO as required for services such as:
- Data Privacy Impact Assessments
- Data breach management, monitoring, controls and reporting
- Data Risk Management
- Subject Access Request Management – respond to subject access requests in line with the GDPR
Our hybrid solution delivers the comfort of both human touch and cutting-edge technical solutions ensuring your business is in the best possible hands.