The new EU GDPR (General Data Protection Regulation) was adopted on 27th April 2016 and came into force on 25th May 2018. It represents significant regulatory change in the way in which data is processed and stored, the way in which data should be protected and how it is used, and gives data subjects far greater control over their data.
For organisations, the regulation carries substantial fines and the risk of significant reputational damage should they fall foul of this very complex and far-reaching regulation. Of extreme concern to most large organisations is that we are now seeing the ICO start to impose significant fines on large global organisations. Only recently it was reported that a leading airline was fined £183m by the ICO for infringements of the Data Protection Regulation. The fine related to a cyber incident that occurred in September 2018.
Don’t let this become your company. Rowanwood has the expertise to help your business become more closely aligned to the obligations of the General Data Protection Regulation.
There is no qualification or standard that means you are GDPR compliant; however, Rowanwood consultancy services can help ensure you are meeting your obligations and are taking all reasonable steps to meet the standards.
Our approach is provided in four phases:
We will undertake a high-level, targeted GAP analysis exercise in order to gauge your organisation’s state of readiness. We assess readiness through workshops, interviews and the completion of our in-house GAP analysis tool. At the end of this exercise you will be aware of your key risks.
Depending on the size of your organisation, a Rowanwood consultant can normally conduct an initial GAP Analysis exercise in approx. 5 days at a fixed cost of £4,500.
Taking the results from the Gap Analysis, Rowanwood will carry out an in-depth compliance audit. This includes performing a deeper dive into your organisation’s processes, procedures and security system, and on completion providing a detailed report of work to be undertaken to make you more aligned to GDPR and ISO27001 standards.
Rowanwood will help implement the recommendations identified in the assessment and work with you to implement a robust and practical Information Security Management System.
As part of the Alignment and Implementation phase Rowanwood will undertake Data Processing Impact Assessment exercises for all projects that might be ‘in flight’ at the time. We appreciate your organisation will probably have many projects on the go at this time. Your business cannot stand still!
At each stage of our consultancy process, business owners and C-suite teams will gain valuable insight into how their organisation performs its data privacy responsibilities and, more importantly, will become aware of areas of risk and exposure.
Our approach is to cover the entire organisation, from its marketing activities through to payroll and IT, giving you an unbiased overview as to how your organisation may fare under the scrutiny of data privacy regulators.
Allow Rowanwood to help with your compliance journey – call now on 0203 957 7780.