An increase in scope to cover all data controllers and processors within the EU as well as organisations that have EU citizens as clients and staff.
Organisations that conduct large-scale processing operations must appoint a DPO to manage their responsibilities.
Organisations must prove they are compliant by:
A Data Privacy Impact Assessment (DPIA) is a mandatory requirement for EU GDPR compliance regardless of the size of the business.
Consumer consent to process data must be freely given and for specific purposes. Customers must be informed of their right to withdraw their consent. Consent must be ‘explicit’ in the case of sensitive personal data or trans-border dataflow.
Organisations must notify supervisory authorities of data breaches ‘without undue delay’ or within 72 hours, unless the breach is unlikely to be a risk to individuals. If there is a high risk to individuals, those individuals must be informed as well.
New obligations on data processors as processors become officially regulated entities.
We help businesses develop and deliver a considered and effective data protection strategy. Our professional and highly skilled resources identify target areas, implementing effective change straight away.
Audit and review current policies, processes and procedures against the GDPR Compliance Checklist. Target ‘easy win’ areas where change can be implemented quickly and effectively, creating momentum.
Undertake an agile approach to the gap analysis to reduce the project timeline, applying a risk-based approach to change. Defence Logic can advise on a cost-effective approach, eliminating the risk of organisations implementing expensive changes that could provide little protection.
Implement changes according to the risk-based approach, to reduce client exposure while maintaining control of costs. We offer an end-to-end approach, with pre-defined and templated business requirements and checklists, reducing requirements analysis.