What is it?
On 25th May 2018, the EU General Data Protection Regulation will affect all UK organisations that process the personal data of EU residents. GDPR extends the scope and application of the principles currently described within the Data Protection Act (DPA) and requires organisations to develop clear policies, procedures and processes to protect the personal data of their clients, and to adopt appropriate technical and organisational controls. Organisations will need to demonstrate conformity with the regulation from 25th May 2018. Net-Defence will guide you through the end-to-end compliance exercise, create the appropriate documentation, lead any remedial work and ensure you have the processes in place to demonstrate compliance.
Net-Defence provide a GDPR conformance service for their wide-ranging public and private sector clients. As with any conformance exercise, each client may be substantially different in terms of their readiness and personal data handling maturity. Therefore, it is critical that an initial scoping exercise is used to understand any gaps or areas of interest.
There are a number of common and contiguous steps for all such engagements:
Gap analysis and reporting
Residual Risk Acceptance
Each of these stages may be considered a separate work-stream within the overall project, and each will produce distinct reports, documentation and artefacts which demonstrate conformance with the high-level objectives of the GDPR legislation.
Where a client has a mature and effective data handling and management platform in place, there should be little effort required, particularly with regard to remediation. In this case the client may simply require a conformance report: an attestation of their level of conformity.