Did the 25th May pass without issue?

Many organisations are still wrestling with implementing the changes needed to meet the requirements of the new Data Protection Act, while others have yet to assess how the new legislation will affect their business operations.

General Data Protection Regulation (GDPR)

To find out more, please complete our contact form

The GDPR is now the Data Protection Act 2018 and has been in force since the 25th May 2018. The government has confirmed that the UK’s decision to leave the EU will NOT affect future compliance requirements.

Of particular interest to businesses that use outsourced data processing services is that GDPR focuses on protecting the data of citizens in the EEA wherever in the world it is stored or processed. Unlike the current legislation, it extends to include the Data Processor as well as the Data Controller.

The legislation includes provisions that promote accountability, governance and transparency in the way organisations deal with personal data. While the principles of accountability and transparency have previously been implicit requirements of data protection law, the new law’s emphasis elevates their significance. All organisations, no matter their size, complexity, or business sector have a responsibility to adequately protect the personal data they collect, store, process and share.

Failure to secure personal data will result in action by the Information Commissioner and the fines could equate to 4% of global turnover, compared to the previous maximum fine of £500,000.

How can we help?

If you have not implemented plans to ensure compliance, then the starting point is to establish the ‘as is’ situation with respect to the legislation and then to implement an improvement plan to ensure compliance is achieved sooner rather than later. The Information Commissioner has indicated that any organisation that is fully engaged on the journey to compliance will be looked on more favourably in the event of a data breach than one that is not engaged.

We establish the ‘as is’ situation by conducting a Readiness Assessment. This provides an assessment of a business's current practices against the obligations of the legislation.

The results of the assessment will be used to develop a risk based improvement plan that fits your precise business requirements to drive compliance.

The Readiness Assessment covers the key principles of the Regulation as set out in Article 5:

Principle 1 – Processed lawfully, fairly, and in a transparent manner.

Principle 2 – Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

Principle 3 – Adequate, relevant and limited to what is necessary in relation to the purposes for which the data is collected.

Principle 4 – Accurate and kept up to date.

Principle 5 – Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes outlined in Principle 2.

Principle 6 – Stored and processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Following on from the Readiness Assessment, we are able to offer advice and guidance in the following key areas:

  1. Designing and implementing appropriate technical and organisational measures that demonstrate compliance, including:
    • documenting internal data protection policies and mapping processing activities;
    • internal audits of processing activities; and
    • reviews of internal policies.
  2. Developing awareness training programmes.
  3. Conducting data audits to ascertain what data is stored and processed, where, how and why.
  4. Implementing systems to deal with Data Subject Rights, including subject access requests.
  5. Assisting with implementing new technologies, such as Cloud services, to be GDPR compliant.

Get in touch

HW Controls & Assurance
30 Camp Road
GU14 6EW

Tel: 01252 510333