You should respect your data
Every business generates and uses data, on paper or digitally. Personal information is a valuable commodity and should be treated with respect. The GDPR is the framework that enables you to do this: a set of guiding principles to ensure you treat your staff and customer data fairly.
If you provide data to a company, you need to be able to trust them to handle, store and process it safely, and not to share it with anyone else unless you have agreed to it or there is another lawful basis for doing so. That is the essence of the GDPR, but many businesses are at different stages of compliance.
It all starts with a conversation
Support for GDPR compliance
You need to recognise your responsibilities for safeguarding the data you hold, and understand what the GDPR permits you to do with it. PMA offers practical support to implement what you need and then to ensure you remain compliant. This is not a tick-box exercise but an ongoing accountability programme.
Businesses are at different stages of their GDPR journey. You may not yet have thought about what you need to do, or it may not have been a priority. Perhaps you have started the work, become compliant and now need to maintain that status. People are involved at every step of the process, which will always make compliance a challenge.
PMA works with a range of businesses on all aspects of data protection: acting as the main point of contact for GDPR activities, or working alongside a DPO (Data Protection Officer) to provide additional support, and often liaising with legal teams and the ICO to ensure consistent implementation across an organisation.
The right level of support for your business
Begin by defining where you are now, identify the gaps and agree an action plan. It is as simple as that. Not everyone starts at the same point, which is why PMA offers different levels of GDPR support; you just need to find the one that works for you.
GDPR Level 1 – Full compliance
- Data mapping of sources within a business
- Evaluate the level of compliance against the ICO self-assessment guidance
- Gap analysis produced with a detailed action plan
- Provide advice on the impact of PECR and website cookies
- Deliver documentation to support policies and business processes
GDPR Level 2 – Post-GDPR compliance
- Review the current level of compliance with GDPR
- Test internal processes, e.g. SARs, data breach handling, privacy policies and cookies
- Provide a rating, gap analysis and an action plan
- Provide advice on the impact of Brexit
GDPR Level 3 – Provision of a DPO service (inside the EU)
- Check the level of compliance within the business
- Liaise with ICO on queries and complaints received
- Answer data protection queries
- Build and run SAR (subject access request) processes
GDPR Level 4 – Working with an internal DPO
- Support delivery of training to staff
- Identify non-compliant areas
- Work with the ICO to answer any queries
GDPR Level 5 – Ad hoc data protection support and guidance
- Access to up-to-date information on the regulations in the UK, the EU and the rest of the world
- Advice and guidance provided via telephone/Zoom/email
- Support for Data Protection Impact Assessments (DPIA)
- Bespoke Training for internal teams – marketing, HR, call centres, fundraising
If you have a specific need, there are several additional services you can access.
- Write policy documents in several languages
- Guidance on lawful reasons for data processing
- Deliver bespoke training by teams e.g. marketing, call centres, directors
- Write Privacy Statements
- Provide advice on PECR and Cookies
- Write Consent statements for marketing purposes
- Regular updates and information on data protection developments
- Recommend IT security and encryption tools
The goal is to manage your data within the GDPR framework: your staff must understand what is expected of them, and your customers should feel they are being treated fairly.
Get in touch with Simon today to find out more.
Frequently asked questions…
What is a data breach?
A personal data breach is a security incident that leads to the accidental or unlawful destruction, loss, alteration or unauthorised disclosure of, or access to, personal data. It can happen through human error or malicious intent. You need to be prepared for this event, which means having a plan for managing a data breach within your business, including liaison with the ICO and the other stakeholders affected by it.
The GDPR requires you to notify the ICO without undue delay and, where feasible, within 72 hours of becoming aware of a personal data breach, unless the breach is unlikely to result in a risk to individuals' rights and freedoms; where the risk is high, the affected individuals must also be told without undue delay. It is important to manage the interaction with the ICO so that you are seen to be acting responsibly. If you have shareholders supporting your business, they must be considered when you go public with the news.
Why do you need training for GDPR?
The ICO recognises training as an important element of accountability and compliance with the GDPR. Experience shows that people are the weakest link in any organisation, whether by losing data or by clicking a link in a phishing email.
It is important to provide training modules that are bespoke to the teams in your business. I answer the question most employees have, which is: "what do I need to do differently in my role under the GDPR?" These sessions can be delivered face to face or over Zoom.
How do I know if I need a DPO?
You must appoint a DPO if you are a public authority, or if your core activities involve large-scale, regular and systematic monitoring of individuals, or large-scale processing of special category or criminal conviction data. Many other businesses appoint one voluntarily to ensure they remain compliant and can deal effectively with any issues. This does not have to be a full-time role and can be done virtually or on a part-time basis.
Your DPO would deal with the ICO directly, manage any data breaches, update policies, test processes and train teams in the principles of the GDPR. Many are also expected to act as the consumer champion, ensuring personal data is not being used unlawfully.
You may have specific questions relating to your own experience, or a general query about data protection.
Get in touch with Simon today for the answer.
Want to explore more?
If you have a question or want to find out more about how we can help,
it would be great to hear from you.