General Data Protection Regulation (GDPR)

Accelerate your GDPR preparation and data protection efforts.
Is your organisation ready?
Any company that holds personal data will need to comply with the new, modernised General Data Protection Regulation (GDPR), which comes into force from 25 May 2018.

Your Obligations

01
increased scope

An increase in scope to cover all data controllers and processors within the EU, as well as organisations that have EU citizens as clients and staff.

02
DATA PROTECTION OFFICERS (DPOs)

Organisations that conduct large-scale processing operations must appoint a DPO to manage their responsibilities.

03
COMPLIANCE

Organisations must prove they are compliant by:

  • Establishing a culture of monitoring, reviewing and assessing data processing procedures.
  • Minimising data processing and retention of data.
  • Building in safeguards for data processing activities.
  • Documenting data processing policies, procedures and operations that must be made available to the data protection supervisory authority on request.
04
Data Privacy Impact Assessments

A Data Privacy Impact Assessment (DPIA) is a mandatory requirement for EU GDPR compliance regardless of the size of the business.

05
CONSENT

Consumer consent to process data must be freely given and for specific purposes. Customers must be informed of their right to withdraw their consent. Consent must be ‘explicit’ in the case of sensitive personal data or trans-border dataflow.

06
MANDATORY BREACH NOTIFICATION

Organisations must notify supervisory authorities of data breaches ‘without undue delay’ or within 72 hours, unless the breach is unlikely to be a risk to individuals. If there is a high risk to individuals, those individuals must be informed as well.

07
NEW RIGHTS
  • The right to be forgotten - the right to ask data controllers to erase all personal data without undue delay in certain circumstances.
  • The right to data portability - where individuals have provided personal data to a service provider, they can require the provider to ‘port’ the data to another provider, provided this is technically feasible.
  • The right to object to profiling - the right not to be subject to a decision based solely on automated processing.
  • The right to request all data held on them by a business - regardless of how the data is stored. Businesses will need to have policies, procedures and/or electronic systems to satisfy this new requirement.
08
PRIVACY BY DESIGN
  • Organisations should design data protection into the development of business processes and new systems.
  • Privacy settings are set to a high level by default.
09
OBLIGATIONS ON PROCESSORS

New obligations on data processors as processors become an officially regulated entity.

Accelerating data protection to support the GDPR

We help businesses develop and deliver a considered and effective data protection strategy. Our professional and highly skilled resources identify target areas, implementing effective change straight away.

  • Expertise
  • Bespoke solutions
  • Swift action
  • Choice of implementation routes
  • Professional guidance
  • Cost-effective

How we deliver

01
PRIVACY BY DESIGN

Audit and review current policies, processes and procedures against the GDPR Compliance Checklist. Target ‘easy win’ areas where change can be implemented quickly and effectively, creating momentum.

02
Gap analysis

Undertake an agile approach to the gap analysis to reduce the project timeline, applying a risk-based approach to change. Defence Logic can advise on a cost-effective approach, eliminating the risk of organisations implementing expensive changes that could provide little protection.

03
Implement change

Implement changes according to the risk-based approach, to reduce client exposure while maintaining control of costs. We offer an end-to-end approach, with pre-defined and templated business requirements and checklists, reducing requirements analysis.

Cybercrime is a global problem and Jersey is targeted for its finance industry. How do you know your business has the right security measures in place?
Key Contact
Anthony Flemmer
ISO27001 Certified ISMS Lead Implementer
Chief Executive Officer
anthony@defencelogic.io