Governance, Risk Management and Compliance
Governance is the collection of concepts, processes and networks by which corporations are controlled and operated. Governance structures and principles identify the distribution of rights and responsibilities among different participants in the corporation and include the rules and procedures for making decisions. Risk management refers to the practice of identifying potential risks in advance, analysing them and taking preventive steps to minimize, avoid or hedge the risk. Compliance means conforming to a rule, such as a specification, policy, standard or law. Compliance describes the goal that organizations want to achieve to ensure that they are aware of and take steps to comply with relevant laws, policies, and regulations.
Firms that breach the rules face fines, but most don’t know what to do to get ready. Get GDPR ready with us.
What is GDPR?
The General Data Protection Regulation (GDPR) comes into force on 25th May 2018. This regulation will replace the EU Data Protection Directive. This means that from May 2018 it will be directly applicable to any business or organisation that deals directly with an EU citizen or business.
What are the requirements?
The GDPR aims to make it simpler for people to control how companies use their personal details. Strict rules mean companies will not be allowed to collect and use personal data without the person’s consent.
What constitutes personal data?
The GDPR applies to ‘personal data’, meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people. Examples: name, email address and phone number, and also internet browsing habits collected by website cookies etc.
Will GDPR still apply after Brexit?
The government says the same rules will continue to apply after the UK formally leaves the EU.
HOW CAN WE HELP?
The gap analysis process consists of interviews with managers and staff from various departments including IT, E-Commerce, Finance, Customer Service, Warehouse, Purchasing and HR etc. A more detailed review of documentary evidence for areas of proposed compliance would be required at the next stage. The final report will provide a summary of the GDPR readiness assessment.
GDPR training is one of the key measures a company can take to ensure that its staff and processes comply with the regulations. Our GDPR and data protection training ensures GDPR awareness across your company.
DPO (Data Protection Officer) as a service is an efficient and cost-effective solution for organisations that do not have the necessary data protection expertise and knowledge to meet their ongoing obligations under the General Data Protection Regulation (GDPR). By outsourcing your DPO obligations, you receive access to expert advice and guidance which helps you to address the compliance demands of GDPR, whilst continuing to stay focused on your core business.