Regulatory Technology Advice | Deployment | Development | Optimisation
In April 2016, The European Commission ratified The General Data Protection Regulation (GDPR), which covers the capture, control, and consent to use personal information. GDPR is designed to protect the data rights of E.U. citizens, meaning individuals will have greater control of who has their data, and how it will be used. Organisations must report on data breaches within 72 hours and will be bound by more stringent rules for obtaining consent from individuals on how their data can be used.
Under the GDPR, the responsibility of protecting the personal data of customers falls on the shoulders of organisations. GDPR applies to personal data that resides anywhere within an organisation, and applies to any company, inside or outside the E.U., that offers goods and services to European citizens.
Organisations must be 100% compliant from day one (25th May 2018) or regulators will issue fines of between 2-4% of revenue. Depending on the infringement, the reputational damage from non-compliance may be long lasting.
The GDPR is clear on what needs to be done; however, organisations are struggling with how to do it. Protecting and securing data isn’t achieved by locking it away but by making it transparent across the organisation. To ensure GDPR compliance, organisations must be clear on where data is held and who is responsible for that data. It is not only your responsibility to ensure data is secure; you must also be able to prove everything is being done to protect the subject’s data and the rights of the subject itself.
Millennium Affine provides a variety of services to support you through your GDPR action plan, from hands-on consultancy services, through to online GDPR Awareness training for all staff, GDPR Practitioner courses for internal privacy champions, as well as GDPR Professional Data Protection Officer courses for in-house legal counsel.
Your General Data Protection Regulation (GDPR) journey…
The methodology we adopt to ensure our clients achieve GDPR compliance follows the letters of the abbreviation GDPR:
G - "govern" | At Board level we ensure GDPR is on the agenda before it becomes the agenda!
D - "discover" | We start with the Readiness Review to see where your organisation is currently on the road to GDPR compliance
P - "plan" | The Report from the Readiness Review delivers an Action Plan to ensure you achieve compliance, complete with helpful milestones leading up to 25 May 2018.
R - "remediate" | We provide a range of services to support your Action Plan:
- Board Executive briefings through to online GDPR awareness training for all staff
- GDPR Practitioner courses for internal privacy champions as well as GDPR Professional DPO courses for in-house legal counsel
- Data and Purpose Remediation to ensure you make the necessary process adjustments
- Legal Grounds Review to distinguish reality from illusion
- Data Subject Rights Remediation to prepare you for requests from third parties
- Notification Remediation to ensure your communication strategy is correct
- DPO as-a-service to support your end-to-end journey to GDPR compliance
- Accelerator tools to fast-track you through security without having to re-invent the wheel, including our various partners’ patented technologies
- Other unique matters that organisations will need, for example, to be compliant with the 'right to data portability'.
Our GDPR Training Programme is verified through Innovate Awarding's Quality Ensure Scheme, a national Awarding Organisation regulated by Ofqual, CCEA and Qualifications Wales. There are 6 levels of training, each provided as either an online or a classroom-based course:
1) GDPR Awareness - one hour overview covering all the basics of GDPR
2) GDPR Foundation - one day comprehensive roadmap covering the most important articles within GDPR
3) GDPR Practical - first day practitioner course containing Article 29 guidance, and tools and templates for 'change' professionals to implement GDPR
4) GDPR Practitioner - second day practitioner course with further workshops and guidelines, tools and templates to deliver GDPR
5) GDPR Legal - first day legal course complete with data protection and privacy case law relevant to GDPR, PECR and the DPA
6) GDPR DPO - second day legal course for anybody wishing to become a data protection officer
All training courses are provided by experienced trainers, who also practise GDPR delivery. The courses can be tailored to your individual needs and delivered during the day, in the evenings or at weekends.
Our team is focused on privacy, which today means GDPR. We are experienced across borders, industries and business functions.