GDPR

What is GDPR?

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a European Union (EU) regulation intended to strengthen and unify data protection for all individuals within the EU and to govern the export of personal data outside the EU. EU GDPR becomes enforceable from 25th May 2018 after a two-year transition period and, unlike a directive, it does not require any enabling legislation to be passed by national governments; it is therefore immediately and directly binding and applicable.

One of the primary objectives of the GDPR is to give citizens and residents control over their personal data – e.g. consent, the right to erasure and subject access requests (SARs) – and to simplify the regulatory environment for international business by unifying the regulation within the EU. GDPR will significantly transform how personal data (notably digital data) is initially received, processed, retained and shared. Organisations are required to make changes to their policies, processes and contracts, as well as to their technical and organisational compliance measures, in order to demonstrate and sustain compliance.

Failure to comply can result in significant financial penalties, such as fines of up to 4% of the previous year’s annual global turnover.

AiM Approach to GDPR

AiM applies a four-phased methodology to delivering an EU GDPR compliant roadmap to organisations:

  • Phase 1 “Discover” – A Data Protection Officer (DPO) focused readiness review to discover all current aspects of the personal data (PD) model, Personal Information Management Systems (PIMS), the data flow lifecycle, and the management and protection of data, and to identify any gaps in compliance with the clauses of the Regulation. Key outputs are a data inventory and a data map.
  • Phase 2 “Execute” – Executing the actions and IT system technology required for gap closure, ensuring sustainable and continuous compliance and management of the data lifecycle. This may comprise relevant policies, processes, standards, Privacy Impact Assessments (PIAs), data incident management, SARs, regulatory roles/responsibilities (e.g. DPOs) and training.
  • Phase 3 “Comply” – Embedding all aspects of data protection through “privacy by design” governance and full application of the compliance model.
  • Phase 4 “Act” – Organisational checks to ensure PD management and breach protection are working effectively, and action where they are not. This phase also reviews and implements changes to the compliance model arising from revised guidance or changes to EU GDPR, and monitors and acts upon new technology and trends that may impact PD and wider data protection.

We can deploy and configure all the necessary tools to help ensure continuous GDPR compliance.

Service Benefits from using AiM

Phases 1 and 2 of the roadmap will deliver an EU GDPR compliant model to an organisation. Phases 3 and 4 will ensure it embeds and works effectively in live operation.

AiM can provide expert support to an organisation at any and all stages of the GDPR compliance lifecycle. In particular we provide:

  • Discovery reviews to understand the scope of GDPR compliance implementation, and post-implementation reviews to check that GDPR compliance continues to work correctly;
  • Qualified compliance lawyers with expert knowledge of the GDPR regulations and wider corporate governance demands;
  • IT solutions to protect all data – personal and non-personal – to implement and maintain data inventories and data maps, and to ensure all other requirements of GDPR compliance operate and are tracked effectively; and
  • Interim DPOs who can provide a cost-effective solution for organisations not wishing or unable to appoint full time roles.

Our IT system solution architecture for achieving GDPR compliance is shown in the diagram below:

To find out more, email us at info@aim4gain.com.