GDPR and Data Protection Services


General Data Protection Regulation

The introduction of the General Data Protection Regulation (GDPR) and the Data Protection Act (2018) have combined with the Privacy and Electronic Communications Regulations (PECR) to create a perfect storm of regulatory difficulty. Every business in Europe is affected, regardless of size, and the enforcement has begun!

For added clarity on the importance of GDPR compliance, and some expert advice on its relationship with document management, be sure to consult our DRMS briefing written by industry expert Humperdinck Jackman – Is your organisation GDPR ready?

The GDPR and PECR govern how any organisation manages, protects, and communicates with people. The scope is wide: it includes all personal data of residents of the EEA. As we advise our clients, it’s not just the obvious data which is covered: the scope also includes computer IP addresses, anything to do with health, financial details, a person’s CV, and even their corporate email address.

Yes, there’s the threat of significant financial penalties for non-compliance (and even criminal prosecutions of Company Directors), but what of the reputational damage of being the next organisation to hit the headlines? When you consider that even sending an email to an unintended recipient can be a breach, it becomes clear that expert guidance is required.

GDPR Readiness Assessment

Whatever you do, and whatever the size of your organisation, we believe you must start with a thorough GDPR Readiness Assessment. Ours is generally 70 questions, covering seven distinct topics. A weighted scoring system then generates a relative score against which you may see your compliance – and risk exposure – at a glance.

After all, if you can’t measure it, you probably can’t fix it!

Key Considerations for all Organisations

Fundamental to the regulations is the requirement to identify your lawful basis for data processing. Contrary to much ill-informed guidance, this extends far beyond seeking consent. Perhaps the processing is in your legitimate interest, or is needed for the fulfilment of a contract or to meet a legal obligation (and there are others too). These must be documented in advance!

The Process Register (ROPA)

At the very heart of compliance is the Process Register, also known as a Register of Processing Activities, or ROPA.

This is a specialist document that records the life-cycle of personal data: when it enters the organisation, where it’s stored, its usage, retention, sharing, and much more besides. Without the Process Register, it’s impossible to construct a Privacy Notice, or to document your lawful basis for processing personal data.

Example of a Process Register – ROPA

Other Considerations

A major hurdle is the strict legal requirement that any data sharing between organisations is covered by a Data Sharing Agreement. These take many forms, and it is careless to risk your organisation by using one merely ‘found on the internet’. Our specialists draft customised contracts for use both in the E.U. and for transfers to Third Countries, such as the USA.

Consider the consequences of either a data breach or a Subject Access Request if you had to respond today. Do you know how to react? Do you blindly notify the Information Commissioner’s Office (the ICO), the data subject, both or neither? Do you have the legal documents required? How would you know what data to reveal? When? Such factors are part of the Advanced UK approach to supporting our clients. We guide you through the complexities.

Compliance is not ‘one-size fits all’

There’s no certificate of compliance available, nor any ‘certified’ software, but there are best-practice approaches to ensure you implement an effective program of change management.

Our team of consultants guide you through a readiness assessment, and develop the documentation, processes and procedures required. Throughout, there’s practical guidance, helping you to navigate the additional requirements of the PECR and the Companies Act too.

GDPR is only the Beginning

The introduction of the ePrivacy regulation (e-PR) will affect every organisation: from the smallest SME to the large corporation, all will have to implement change. For many, the effects could be catastrophic: the draft regulation proposes that even business to business (B2B) communications will require consent!

We are ready to assist: we can explain how your organisation may make strategic changes to stay ahead of your competition. While everyone else is sending tens of thousands of ‘consent’ emails, you will be sitting back watching the chaos.

Our Team of GDPR Specialists

Our data protection / privacy consultancy team is headed by Humperdinck Jackman, a career specialist in the field of Records Management and Privacy. Humperdinck is the Data Protection Officer for the world’s largest children’s charity, two international software corporations, and also for a major school’s Trust.

Humperdinck explains, ‘Clients like pragmatic advice, delivered in a no-nonsense fashion. They want to work with you, and not receive just lectures’. As our clients tell us, Humperdinck has a skill in making complex topics understandable.

GDPR Solutions

Throughout your regulatory compliance journey, you may realise you could benefit from technological solutions to enhance your position. We’ve gathered several of the core components which include:

  • Document management software, both on-premise and SaaS;
  • Database audit / cleansing services;
  • Secure, encrypted email solutions to integrate with your current systems;
  • Training courses, from department to Enterprise level;
  • Integrated secure-print technology;
  • Information Security (INFOSEC) guidance;
  • … and much more!

At Advanced UK, we have over 25 years’ experience in the document solutions integration sector and are one of the longest-serving Xerox partners. Our decades of Records and Document Management experience make us excellently positioned to help ensure your compliance, and to avoid GDPR penalties.

Contact us today to see how our team might assist. Don’t wait until you are fined or appear in the headlines for the wrong reason.