Most EU based organisations have started on a GDPR compliance journey, but for a variety of reasons, many have not seen it through to conclusion.
For companies who have not completed the compliance journey, they are left exposed to risk from data breaches and potentially fines from their local regulator.
Understanding the requirements of GDPR and applying them to your own organisation can be challenging. Also, knowing why and how to prioritise tasks can be difficult.
BH Consulting’s GDPR Maturity Assessment can bring clarity on what needs to be done to demonstrate compliance with GDPR. Our data protection team have experience of working with large and more complex organisations, public sector bodies and SMEs helping them on their journey to compliance with GDPR.
The General Data Protection Regulation (GDPR) is a regulation in EU law covering data protection and privacy for all individual residents of the European Union and the European Economic Area.
GDPR has enforced a set of obligations for organisations of all sizes, that store, process or analyse personal data of EU residents, regardless of where they are based.
BH Consulting’s GDPR Maturity Assessment is an assessment of an organisation’s current level of compliance with the regulation. It helps to identify potential gaps and prioritise key work areas that need to be improved on to demonstrate compliance.
Our GDPR Maturity Assessment is an in-depth review of how your business stores, processes, or analyses personal data belonging to EU residents. Our team are qualified senior data protection consultants and have an in-depth understanding of the GDPR requirements and how they should be met.
The GDPR maturity assessment will include:
- A review of existing privacy and governance structures covering data protection principles, processes, and privacy awareness
- Workshops with key personnel from in scope departments to review current processes and practices in relation to personal data
- Review of existing Data Protection documentation, policies, and procedures
The following areas will be considered as part of this service:
- Scope of compliance
- Data Controller and Data Processor responsibilities
- What personal data is held, where is it held and why
- What categories of personal data are held
- Consent processes and responsibilities
- Who has access to the personal data and why
- Subject access request processes
- DPO roles and responsibilities
- Data subject rights
- Privacy by Design and by Default
- Governance and Risk Management
This service can be carried out remotely.
- Gain understanding of where your organisation currently is in relation to GDPR
- Establish a realistic scope and timeframe for the work required
- Obtain a clear road path to demonstrate alignment with GDPR
- Reduce overall costs and resources associated with GDPR compliance
- Avail of subject matter expertise and practical recommendations of our senior consultants
- Focus on your core business while outsourcing your GDPR requirements