01244 455 140
elucidate Group Chester
8am - 5pm Weekdays

GDPR Compliance &
Data Protection Services

GDPR consultancy services, GDPR compliance, data protection regulations

Data Protection changes and GDPR Consultancy

Data protection compliance has never been as important as it is today. In May 2018, the ageing Data Protection Act of 1998 was replaced by the The General Data Protection Regulation (GDPR) which has far more wide-reaching implications and ramifications for UK businesses. Contrary to popular belief, the UK’s decision to leave the European Union will not have a bearing on this.

Given that the existing Data Protection Act was written almost 20 years ago, with the enormity of technological change that has taken place in that time frame, it is easier to appreciate how important the GDPR is. Of course it is still not too late to start on this journey of responsibility and accountability for the data collection that your organisation relies on and it is important to understand what the reality could be for many businesses now GDPR compliance has become enforceable.

elucidate have been working in data protection for many years and have experienced data privacy consultants, industry proven methodologies and have supported a number of organisations and industries in complying with applicable data protection requirements.

How will the GDPR affect my business?

The General Data Protection Regulation depends upon a set of clearly defined concepts and entities to achieve its aim of transparency and application. An understanding of these is key to determining the context with which they apply to your business as a Data Controller and possibly a Data Processor also.

Broadly speaking, if you consider that all of the data protection changes are designed to protect the Data Subjects (you, me and everyone else) and their associated personal data from the potentially disastrous consequences of a data breach it becomes easier to understand from a practical point of view what you should be considering and attempting to achieve from this opportunity.

The first step in preparing your organisation to comply with the GDPR is to understand exactly where data comes into your organisation, its journey through your organisation, where it resides and who you share it with. As a priority, start to question what data your organisation holds on Data Subjects? These could be your:

Employees
Customers
Suppliers
Mailing list recipients

The data is relevant if it could be used to personally identify these individuals.

Next, you need to understand why you need that data. You need to be able to document your legitimate business interests for why you need that specific piece of data. And these could be different for the different elements of data which you collect. The following questions should be next on your list:

How is the data stored?

How long do you need the data for?

Where did the data come from? In future will your Data Subjects be able to positively opt in to having their data controlled by you? An option to opt out is no longer going to be enough.

Do you now or will you in the future need to share this data with anyone else?

Do any 3rd parties process data on your behalf (out-sourced payroll perhaps?)

How easily can you access this data?

The last question above is an important one as it paves the way for the changes to the way Data Subjects can have more control over their data. Individuals can request to see the data you hold on them via a Subject Access Request which you then must supply to them, within a set time window, in a form they can easily understand.

The logistical implications of this for a business which runs using endless spreadsheets, documents and dissipated storage could be considerable.

We have already mentioned documentation and this is a key area to ensure it is up to date, consistent and accurate. The primary means of communicating your GDPR compliance journey with both your data subjects and potentially the supervisory authority will be through your policies and procedures. A new privacy policy will be an absolute requirement for 99% of organisations. Depending upon the complexity of your business, this can be delivered alongside an updated data protection policy, again, an excellent way to demonstrate the aspiration of attaining your compliance.

How can elucidate help my business prepare for the GDPR?

At elucidate we understand the value of data to your business and the serious implications of a data breach. Our team of consultants work with businesses to provide insights and solutions on a range of GDPR issues and can help your business.

Our experienced, qualified and friendly auditors can help you prepare for the new regime. We can perform a GDPR compliance audit and GDPR Gap analysis on specific departments, individual offices, or across your entire organisation. Our consultants are able to help businesses get to the level of compliance required. Our solutions are based on our AID methodology which comprises of the following GDPR services:

Audit
Implementation
Delivery

Our GDPR compliance packages are based on the complexity and scale of the business concerned, something we can generally ascertain in a short, free of charge one-hour consultation. Call us now to help you get started, it’s the responsible thing to do.

Speak to one of our consultants today on how we can help you meet your GDPR requirements. Call us on 01244 455 140 or make an enquiry.

Start your journey towards compliance.

Your Name (required)
Company Name
Your Email (required)

Telephone Number

“Simply delighted with the outstanding work that Mark at Elucidate has done working closely with the Victrex team on our GDPR readiness programme. We truly appreciated Mark’s down to earth, pragmatic and sensible approach to ensure we are in the best place possible. The level of professionalism has been superb, with all the tools and techniques surpassing expectations. We would be delighted to recommend Elucidate for their exceptional consultancy services, it has been a pleasure working together on this business critical activity. “
Jilly Atherton – Group HR Director at Victrex PLC
data migration projects, business applications, IT project management, change management process

Get the right support for your business

Find out how we can deliver efficient and flexible support to each layer of your business IT infrastructure.