Our years of experience leads us to urge any organisation that is offered 'template' policies or an 'IT solution' to exercise great caution about the risk they are not unlikely to be running.
Our legal sector auditing team has recorded more non-compliances than we can easily count due to organisations using template plans, policies and procedures!
Whilst GDPR has a uniform set of rules to follow, every organisation, including yours, uses data in different ways and many organisations already have some form of governance in place in respect of data.
Our approach is far more comprehensive and tailored to each organisation. Some organisations want all of the steps below, and some just ask for one or two; you can adopt whichever you need.
Phase 1: We conduct a fixed price gap analysis
(For organisations that already have structured plans, policies and procedures in place). We provide you with a detailed report, including details of what you need to do or consider to plug any gaps.
Phase 2: We visit your office to map your data
We meet with the relevant key people in your organisation to discuss and map as to how your organisation uses data and would like to use data.
Then, back at our own offices, we draft the new plans, policies and procedures for you (or augment your existing ones).
Phase 3: Training and support (if required)
The most common cause of data breaches is human error; it's one thing to rewrite the rulebook, but it's often something else entirely to actually implement it and affect changes in staff behaviour to meet it. We provide training and support at all levels to help you to embed your new plans, policies and procedures with your staff.
Demonstrate that you have prepared
The organisations for whom we've conducted work up to the point of training are presented with our 'GDPR Prepared' mark.
There's no underestimating the importance of effective preparation for GDPR; this mark communicates to your staff, clients, suppliers and others that you have put in place processes intended to support best practice for data protection.
Having received the mark, you can choose to display it on your website, in email signatures, on business cards and stationery, in social media and elsewhere.
Please get in touch with us to discuss your concerns and requirements.