EU GDPR Project Management and Consultancy

What is GDPR?

GDPR comes into force in May 2018. It will impact on all businesses across the European Union and will happen regardless of Britexit. The General Data Protection Regulation (GDPR) brings the Data Protection Act (1998) up to date with current technologies. All business are included from the major corporation through to the one man band.

The purpose of EUGDPR.ORG.UK

Major Corporations will have their own compliance teams already in place dealing with things like ISO27001 etc. For them GDPR slots nicely into an existing governance regime. For smaller organisations that cannot afford the resources of the major companies, dealing with GDPR is a nightmare of contradictory information. We aim to cut through all that and provide you with a clear path to GDPR compliance that is both effective and affordable.

How do we start?

We start with a free, no obligation consultation. Here we discuss in more depth how the process works and give you a better understanding of just what GDPR is and your obligations under the regulation. We will then agree an approach to move this forward that is tailored for you. Many companies want us to complete the entire compliance exercise for them, others are happy to pick and choose, completing certain elements themselves.

So we are now compliant – what next?

GDPR Compliance is a moving target. As new systems are introduced or upgraded it is important to check that this will not expose you to a breach. This will require an impact assessment. In most cases this would be ‘light touch’ but occasionally it will require more. You will also need to have someone who can deal with any Subject Access Requests and be a point of contact for the Supervisory Authority. We can help with that too.

I have heard that if you have a breach you could be fined as much as €20,000,000 is this true?

Scary figures we know. In reality administrative fines will be assessed on a case by case basis. The regulation says they must be effective, proportionate and dissuasive. But will take into account the nature and circumstances as well as the number of subjects involved. This headline grabbing figure is the maximum administrative fine that can be imposed if the breach involved special category data – that includes things like medical information, trade union affiliation etc. so, although theoretically possible, we would be surprised to see these figures being imposed. The best way of measuring this is to look at the Information Commissioners web site under the news and blogs section to see what fines are being imposed under the current act.