GDPR READINESS ASSESSMENT
The GDPR has enterprise-wide implications: legal, technical, operations and data users will all be impacted. Becoming compliant will mean ensuring that the right documentation is in place, and will likely mean making changes to contracts, policies and processes, technology and the data itself.
To understand the amount of work involved, and the resource and budget required, The Data Works can perform a readiness assessment of your As Is state. This will highlight the key areas of risk to provide focus for the GDPR programme team.
GDPR ROADMAP DEFINITION
Either building on a Readiness Assessment, or using an existing understanding of the As Is state, The Data Works can support you in defining your roadmap to compliance. Taking the form of a high-level programme plan, this will identify the required workstreams and highlight inter-dependencies to provide a clear and actionable critical path to compliance. Using a risk-based approach, this will identify and define the priority workstreams that require completion by the enforcement deadline. Additionally, project charters for each of the workstreams can be provided, giving a summary scope and a rough order of magnitude for delivery.
GDPR PROGRAMME APPROACH
One of the main challenges organisations are facing is how to structure their GDPR Programme to ensure that as much progress is made in as short a time as possible, especially as additional budget and resources haven't necessarily been made available.
Often done in conjunction with a Readiness Assessment, The Data Works can provide a framework and recommend a programme governance model to provide the structural foundations for the GDPR programme team to take forward.
GDPR IMPLEMENTATION SUPPORT
With experience in implementing GDPR compliance programmes, The Data Works can provide support in the implementation of your programme, including:
- Defining the functional and non-functional requirements
- Working with developers to define a technical approach
- Working with Legal teams to define your organisation's interpretation of certain key elements
- Designing a re-notifying and re-consenting contact strategy
GDPR training is required both to meet the Accountability principle, and to ensure that all stakeholders have a role-appropriate level of understanding to play their part in the GDPR programme.
The Data Works can provide anything from general GDPR Awareness training, to tailored role-based training for those on the front line such as developers, marketers and customer-facing staff. Not only will this expedite the delivery of your compliance programme, but it will also make you less likely to suffer a breach in the future.
GDPR 3RD PARTY ASSESSMENTS
The GDPR mandates certain requirements of both Controllers and Processors in order to ensure a Processor's compliance. This translates into a responsibility for Controllers to confirm the role of each of their 3rd parties, and perform the necessary due diligence and documentation exercises.
The Data Works can support with anything from identifying all relevant 3rd parties, to establishing their role (Controller, Joint Controller, Processor or Processor's Processor), to assessing the compliance of any 3rd party software, to designing and implementing a compliance questionnaire.