You should respect your data
Every business will generate and use data either in a paper or digital format. Personal information is a valuable commodity and should be treated with respect. GDPR is the framework provided to enable you to do this. A set of guiding principles to ensure you treat your staff and customer data fairly.
If you are providing data to a company, you need to trust them. To handle, store or process your data safely, ensuring it will not be shared with anyone else unless you have given explicit consent. That is the essence of the GDPR but many businesses are at different stages of compliance.
It all starts with a conversation
Support for GDPR compliance
You need to recognise your responsibilities for safeguarding your data. What you can do under the GDPR needs to be understood. PMA offers practical support to implement what you need then ensure you remain compliant. This is not a tick box exercise but an ongoing accountability programme.
Businesses are at different stages in their GDPR journey. You may not have thought about what you need to do or it’s not been seen as a priority. Perhaps you have started work, become compliant but need to maintain this status. Individuals are involved in the process which will always make compliance a challenge.
PMA works with a range of different businesses on all aspects of data protection. Being the main point of contact for any GDPR activities or working with a DPO (Data Protection Officer) to provide additional support. Often liaising with legal teams and the ICO to ensure consistent implementation across an organisation.
The right level of support for your business
Begin by defining where you are currently, identify the gaps and agree on an action plan. It’s as simple as that. Not everyone will start at the same point which is why PMA offer different levels of GDPR support. You just need to find the one that works for you.
GDPR Level 1 – Full compliance
- Data mapping of sources within a business
- Evaluate level of compliance with ICO self-assessment guidance
- Gap analysis produced with a detailed action plan
- Provide advice on the impact of PECR and website Cookies
- Deliver documentation to support policies and business processes
GDPR Level 2 – Post-GDPR compliance
- Review the current level of compliance with GDPR
- Test internal process e.g. SAR, data breaches, privacy policies and Cookies
- Provide a rating, gap analysis and an action plan
- Provide advice on the impact of Brexit
GDPR Level 3 – Provision of a DPO service (inside the EU)
- Check the level of compliance within the business
- Liaise with ICO on queries and complaints received
- Answer data protection queries
- Build and run SAR (subject access request) processes
GDPR Level 4 – Working with an internal DPO
- Support delivery of training to staff
- Identify non-compliant areas
- Work with the ICO to answer any queries
GDPR Level 5 – Ad hoc data protection support and guidance
- Access to up to date information on the regulations within the UK, EU and Rest of the World
- Advice and guidance provided via telephone/Zoom/email
- Support for Data Protection Impact Assessments (DPIA)
- Bespoke Training for internal teams – marketing, HR, call centres, fundraising
If you have a specific need, there are several additional services you can access.
- Write Policy documents in several different languages
- Guidance on lawful reasons for data processing
- Deliver bespoke training by teams e.g. marketing, call centres, directors
- Write Privacy Statements
- Provide advice on PECR and Cookies
- Write Consent statements for marketing purposes
- Regular updates and information on data protection developments
- Recommend security IT and encryption tools
Get in touch with Simon today to find out more.
Frequently asked questions…
What is a data breach?
The GDPR states you must advise the ICO within 72 hours of any data breach where personal data has been compromised. It’s important to manage the interaction with the ICO to ensure you are seen in a positive light. If you have shareholders supporting your business, they must be considered when you go public with the news.
Why do you need training for GDPR?
It’s important to provide training modules that are bespoke to the teams in your business. I answer the question most employees have which is “what do I need to do differently in my role under GDPR?”. These sessions can be delivered face to face or over Zoom.
How do I know if I need a DPO?
Your DPO would deal with the ICO directly, manage any data breaches, update policies, test processes train teams in the principles of GDPR. Many are expected to be the consumer champion to ensure personal data is not being used illegally.
Get in touch with Simon today for the answer.
Want to explore more?
If you have a question or want to find out more about how we can help,
it would be great to hear from you.