Ensure Your Organisation Complies With GDPR
Data Protection and Privacy are a growing reputational risk to businesses. The transition to data-driven economies and Big Data makes it mandatory for organisations to address privacy risks. Needless to say, Data Protection is a priority for any organisation handling data. On 25 May 2018, the General Data Protection Regulation (GDPR) came into effect, revolutionising the way that personal data is used and handled.
What does EU GDPR mean for EU businesses?
- Data protection by design. Controllers must implement appropriate technical and organisational measures and procedures to ensure that processing safeguards the rights of the data subject by design.
- Fines. EU GDPR allows for fines of up to €20 million or 4% of total worldwide annual turnover (whichever is higher).
- Data Protection Officer. GDPR requires data controllers and processors to designate a DPO in any case where:
  - the processing is carried out by a public authority or body
  - the ‘core activities’ of the controller/processor consist of processing operations which ‘require regular and systematic monitoring of data subjects on a large scale’
  - the core activities of the controller/processor consist of processing on a large scale of ‘special categories of data’ or personal data relating to criminal convictions and offences
The Smarttech247 GDPR & Other Data Protection Solutions
Smarttech247 is an ISO27001:2017 and ISO9001:2015 NSAI certified company working with organisations to help them develop a comprehensive and compliant data protection strategy. We have a team of senior data protection auditors and GDPR experts who can provide a wide range of data protection services, including:
- reviewing your organisation’s compliance with data protection requirements
- providing data protection compliance certification, drafting any required data policies or procedures
- providing training on those policies/procedures and drafting training materials
Data Protection Officer as a Service (DPOaaS)
Smarttech247’s outsourced Data Protection Officer services provide organisations with peace of mind when it comes to management of all data protection aspects. With more than 10 years of expertise, we can help organisations maintain compliance, develop and implement Data Protection policies and procedures and ensure the GDPR requirements are met.
We take the pressure off by drafting data protection policies and procedures that best suit your organisation. Smarttech247 can help you review and consolidate existing Data Protection policies and procedures or identify and formulate new required policies.
Privacy Impact Assessments
The EU GDPR requires organisations to perform a Privacy Impact Assessment (PIA), and failure to do so can bring fines of up to 4% of an organisation’s annual turnover. Smarttech helps organisations conduct comprehensive privacy impact assessments to ensure compliance and find potential gaps. Our privacy impact assessments are always in line with the eight Data Protection Rules contained in the European legislation.
Smarttech247 offers a range of innovative and flexible Data Protection training and awareness programmes that go beyond the basics of compliance. Our data protection experts can help organisations develop and roll out a comprehensive Data Protection training and awareness system across their entire staff infrastructure, tailored to the organisation’s needs. Our services in this area include:
- providing training via webinar
- delivering on-site training
- drafting training manuals
Comprehensive Data Protection Audit Services
Smarttech247 helps organisations maintain the highest level of compliance and prepare for audits by the Data Protection Commissioner. We can assess how your current organisational resources or assets are managed in relation to National and European Data Protection Legislation. We can offer three levels of compliance audits:
Level One Audit
- Verify your documented data protection system adequately addresses all aspects of the Data Protection Legislation
- Check that any existing Policies, Codes of Practice, Guidelines and Procedures meet the requirements of the Legislation
- Carry out a gap analysis of those documents
- A ‘desktop’ exercise that can usually be conducted off-site
Level Two Audit
- More detailed examination of how the data protection system is being used in practice and its overall effectiveness
- Interviews / questionnaires conducted with key personnel
- Also examines certain documents not reviewed for the purposes of a Level 1 Review
- More detailed report issued than for a Level 1 Review
Level Three Audit
- Includes more extensive interviews and questionnaires to establish existing data procedures and controls
- A detailed assessment of compliance in practice with those procedures and controls and Data Protection Legislation
- Comprehensive checklists and reports produced
Level 3 Reviews are more appropriate for large organisations or those companies with extensive data protection requirements and obligations
If you want to learn more about the Smarttech247 Data Protection Services, request a FREE consultation today!