Sovereign is ideally placed to provide a full advisory service to companies facing the need for GDPR compliance. Many businesses are seeking help to ensure that their approach to managing personal and sensitive data is compliant with the regulation, not only by the 25th May, but also that they have the systems and processes in place so that compliance continues to be met.
Sovereign is able to provide a full menu of GDPR services to support clients on their journey towards compliance and beyond. We can tailor our services according to the needs of the business. Below is a breakdown of the GDPR-related support we deliver and are typically asked to assist with:
We run a check to see how well your existing business practices are matched to the requirements of GDPR. This exercise will provide you with a prioritised list of activities we recommend to minimise your risk of a compliance breach.
Executive briefing sessions
Many clients have found our briefing sessions for the senior management team invaluable as they help raise awareness across the business and set priorities for resource allocation.
Data discovery audits
It is often the case that a business does not have a complete picture of the personal information it processes. Without this, meeting the requirements of GDPR is impossible to achieve. We work with your business teams to understand the data they hold and whether the processing of it is necessary.
Data process reviews
Once the data being held has been identified, it is important to track the journey of the data as it passes through business processes. This allows us to identify which services are processing the data, where awareness needs to be raised and where there are interactions with other organisations.
Policy and procedure development
Even where policies and procedures for managing Data Protection compliance are already in place, they will need to be updated for GDPR; for example, how employees deal with access requests, how they report breaches and what data they can disclose will all need to be outlined and communicated through clear policies.
Throughout the process between now and May 2018, briefings should be regularly provided. These may range from high-level overviews of the new regulations through to detailed training on department-specific processes. Sovereign can deliver these briefings to ensure quality and timely information is being provided.
IT security reviews
As an IT service provider, Sovereign delivers a wider scope of IT services to its clients, which includes IT security services. An independent review will assess your current position and how secure your IT is. The report will detail what meets the minimum requirements for any business and give recommendations for improvements. Having a robust approach to ICT security helps to minimise the risk of data loss, which, in turn, contributes towards GDPR compliance.
Ongoing support after the live date
The 25th May is just the beginning. There will be an ongoing requirement to ensure policies are being followed, data is managed effectively and any breaches are managed appropriately. Sovereign can provide a ‘virtual’ compliance manager to ensure requirements continue to be met.
Sovereign’s consultants are proficient in managing data, especially in meeting the requirements of the existing Data Protection Act. This experience of best practice, along with an empathetic approach to facing challenges, allows us to provide valuable guidance and support on the journey towards GDPR.