
GDPR (General Data Protection Regulation)

  • 02 May


    By:   Dave Newland

    EU General Data Protection Regulation (GDPR)

    “Getting Ready For GDPR”

    GDPR is focused on how personal data is managed. It introduces more specific and prescriptive data protection compliance challenges for organisations in all industry sectors. The regulation replaces Directive 95/46/EC, which was the basis of European data protection law when it was introduced in 1995.

    The introduction of new rights for individuals, the right to be forgotten and the right to data portability, as well as the introduction of mandatory breach notification, will increase the regulatory burden for most organisations.

    Businesses are acting now and reviewing their current data protection compliance programmes. It is important that they determine their next steps and mobilise immediately to make sure they are prepared before 2018 to address the changes coming into force. (The new Regulation officially comes into force on 25th May 2018.)

    Key changes proposed by the EU GDPR

    • Fines of up to 4% of annual worldwide turnover – Fines for a breach of the GDPR are substantial. Regulators can impose fines of up to 4% of total annual worldwide turnover or €20,000,000
    • Expanded scope – Applies to data controllers and processors established in the EU and organisations that target EU citizens
    • Data Protection Officers (DPOs) – DPOs must be appointed if an organisation conducts large scale systematic monitoring or processes large amounts of sensitive personal data
    • Accountability – Organisations must prove they are accountable by:
      • Establishing a culture of monitoring, reviewing and assessing data processing procedures
      • Minimising data processing and retention of data
      • Building in safeguards to data processing activities
      • Documenting data processing policies, procedures and operations, which must be made available to data protection supervisory authorities on request
    • Privacy Impact Assessments – Organisations must undertake Privacy Impact Assessments when conducting risky or large scale processing of personal data

    Consent

    • Consumer consent to process data must be freely given and for specific purposes
    • Customers must be informed of their right to withdraw their consent
    • Consent must be ‘explicit’ in the case of sensitive personal data or transborder data-flow

    Mandatory breach notification

    • Organisations must notify the supervisory authority of data breaches ‘without undue delay’ and within 72 hours, unless the breach is unlikely to be a risk to individuals
    • If there is a high risk to individuals, those individuals must also be informed

    New rights

    • The right to be forgotten – the right to ask data controllers to erase all personal data without undue delay in certain circumstances
    • The right to data portability – where individuals have provided personal data to a service provider, they can require the provider to ‘port’ the data to another provider, provided this is technically feasible
    • The right to object to profiling – the right not to be subject to a decision based solely on automated processing

    Privacy by design

    • Organisations should design data protection into the development of business processes and new systems
    • Privacy settings are set at a high level by default

    Obligations on processors – data processors take on new obligations of their own and become an officially regulated entity

    How APS can help you with GDPR

    • GDPR Assessment – a “Discovery Phase” covering the client's “as is” state and “desired end state” against the specific requirements of GDPR
      • Covering – detailed assessment of data protection (ensuring ability to provide evidence of compliance) maturity, data processing/mapping, compliance requirements, risk assessments, data monitoring (employee/personal data)
      • Recommendations/Strategy/ Data protection framework and roadmap for remediation, timelines, GDPR plan, process-specific risks, data mapping
    • Privacy Impact Assessment
      • Assessment of systems and/or projects, identifying key data protection risks. Focused on mandatory breach notification (ensuring the ability to notify a data protection supervisory authority of a data breach within 72 hours)
    • Data Inventory “Know your personal data”
      • Personal information flow documentation (where it is, where it is transferred from and to, and who has access to it). New rights: compliance with the ‘right to be forgotten’, the ‘right to data portability’ and the ‘right to object to profiling’
    • Data Protection improvement programme
      • Privacy governance and organisation design, implementation, compliance and monitoring solutions, policy and procedures, training and awareness, incident management, on-going support, 3rd party management, risk management, procedures and controls, information security controls, corporate compliance, on-going compliance and monitoring
    • Legal Support
      • Liaise with internal/external legal teams to ensure compliance with data protection legislation
      • Advising on compliance programmes and policies, assessment of any non-compliance and suggestions for remedial action, drafting of data controller and data processor agreements, drafting of Binding Corporate Rules

    For further information contact mark.blake@apsolutions.org.uk or dave.newland@apsolutions.org.uk

    © 2020 Assurance Programme Solutions Limited. All rights reserved.

    • Terms & Conditions
    • Terms of Use

    Developed by: Kalidescope Ltd