- GDPR – Website review
We conduct a review of your website to determine its level of GDPR compliance and, along with a security review of the website, provide feedback on the gaps that need to be addressed and the action items required to close them. Inspired-IS can assist with reviewing and/or amending existing website policies or, where required, create the necessary documentation.
- GDPR – Company review
Gaining an understanding of how your organisation is currently placed against the GDPR is possible through a GDPR review. The aim of the review is to gain an understanding of how the business functions. Through telephonic or onsite interviews with the relevant heads of department, we gain insight into what information is collected, processed and stored within each department. Questions around the security processes and controls of the information held require us to also chat to your IT staff. Feedback is provided on the areas that need to be addressed and action items are listed. Inspired-IS can assist with the remediation activities, which typically are: reviewing and/or updating existing policies, creating missing policies, training and advice.
Inspired-IS can develop tailored policies that reflect the company’s practices and processes – this is done through gaining an understanding of the company, the processes and the information held. This includes both website documentation and internal documentation.
A privacy notice is a statement of how your organisation applies data protection principles to the processing of its data – a Privacy Notice is required on your website and on any form of communication that requests individuals to share their data. As a starting point we can help you map your data; this should show how your data flows through your organisation. Thereafter we would establish your legal basis for processing, what information you hold that constitutes personal data and what you do with the personal data you process.
A requirement of the GDPR is to provide training to staff. The training session proposed will cover the basics of GDPR and how it impacts staff in relation to the business. A certificate will be provided to each staff member.
The GDPR has introduced a duty for a company to appoint a Data Protection Officer (DPO) if you are a public authority or carry out certain types of processing activities. While not all organisations are required to appoint a DPO, you must ensure that your organisation has sufficient staff and resources to fulfil the obligations of the GDPR.
An external DPO can be used on a contract basis to assist you in monitoring internal compliance, informing and advising on data protection obligations and providing advice regarding Data Privacy Impact Assessments.
Reporting to the highest management, the DPO would need to be involved in a timely manner in all issues relating to the protection of personal data to ensure the correct advice and guidance is provided.