What is GDPR?

The GDPR (General Data Protection Regulation) seeks to create a data protection law framework across all organisations that manage, process and control data in their interaction with the EU and aims to give control of personal data back to the individual. The reform impose strict rules on those hosting and ‘processing’ this data, anywhere in the world. The regulation presents some challenges to the accepted ways of managing data and makes clear the responsibilities of both the controllers of any data (whether corporate or individual) and the processors of any data.

It is a requirement that users:

  • Understand how companies use their data for sales and marketing purposes.
  • Are aware of their rights with regard to personal data.
  • Are informed of any issues in the control and management of their data (such as data breaches).
  • Organisations are concerned about the heavy financial penalties the Regulation can impose. However there is significant gain form those that embrace, adopt and consider how planning and early adoption of GDPR can bring market opportunity or advantage.

Are you ready for the challenge of GDPR?

Your GDPR journey and the Cloud

Cloud organisations that deliver true transparency to their customers will build strong trust in their Capabilities and brand. Start the GDPR transition with an emphasis on your business in the cloud – to drive process, policy, technology and informed decisions.

Exponential-e provides solutions, services and expertise to help support your aspirations in being GDPR ready.

There are five key areas that need to be addressed:

Governance:

How can you translate GDPR into actions and values for your business. Lets help you consider what measures need to happen, against what activities and compliance's you already maintain and have.

Security:

Protecting the security of your data in the Cloud and providing an infrastructure that ensures proper user rights, choice, rectification and erasure correctly and easily is paramount.

Processes:

This is probably one of the largest and impacting areas of the regulations, understanding the required changes is key.

Data:

Understanding where your data is, how its used and who is interacting with it is a primary requirement. Transparent undertaking between you and your cloud service provider is an absolute requirement.

People and Communication:

Train your people on GDPR requirements so they understand the risks of improper data use.

Assessment

Overview

GDPR is a complex and far-reaching legislation, comprising many components that touch organisations in differently and at all levels. GDPR needs a strong Information Governance program and technical framework to succeed.

A comprehensive approach is required, taking all of its aspects and your organisations needs into consideration.

The assessment we provide can be a great help whether your company has already considered GDPR or is preparing to start. The assessment begins with determining the main GDPR stakeholders in your organisation per key area of attention. This is done together with the person responsible for data privacy in your organisation (you may even already have a special data privacy officer in place). These stakeholders might be: representatives of the HR department, for communication, training and personnel data; of the marketing department, for protecting your brand and your customer data; and of the IT department, for security issues. Interviews will be planned with all these people.

Options

There are three versions of the assessment.

The first is a single day engagement to advise and understand your enterprise and what our consultants can assist with your start on the road to GDPR compliance. And an overview on areas that your business needs to focus on.

The Second is a week long assessment. This assessment is intended for companies who need to progress their GDPR readiness and process significant amounts of data. A review of the enterprise will determine how complex compliance will be. This will result in recommendations on how to speed-up the process and increase your chance of success.

Or do a full assessment (nominally 4-6 weeks); depending on the size of the organisation and the size of the business. It will address all five key areas and GDPR requirements. The goal is a practical roadmap, drawn-up in close co-operation with your internal stakeholders and owned by your data privacy officer or designated individual.

Goals

The Goal

The goal of assessment is to create a path of how your organisation can achieve GDPR, looking at the five main areas to decide what works need to be achieved. These areas are governance, people and communication, processes, data and security. The focus is on where your company´s biggest risks are and helping you to become ready for GDPR May 2018.

Checklist & Accelerators

Checklists and accelerators

Checklists and accelerators ensure the effectiveness of the sessions. We developed GDPR outcome-based materials like an overview of all GDPR requirements and measures, a list of all types of personal data, but also ready-to-use agendas to be customized for the different participants in the interviews or workshops. This way processes that could take weeks can be handled more quickly.

During the workshops the GDPR requirements are weighed against the processes, norms and values of your company in a consistent manner. The gaps and priorities found will lay the foundation for your roadmap.