We can work with a variety of organisations to implement changes required to ensure GDPR compliance. Here is an example of how we work together to help you.
Work with a medium-sized financial services firm to assess and implement the changes required to ensure the business is compliant with the new GDPR requirements within a tight 10-week timeframe.
A three-person Hill Dickinson, The Compliance Foundation and Xyone team.
An initial workshop with the firm’s senior team.
Completion of a two-day assessment, with recommendations to follow.
Assist the HR team in identifying and appointing a new Data Protection Officer and ensure that they are set up for success with the board.
Complete a review of the firm’s current products and its product design policies and processes to ensure that the concept of ‘privacy by design’ is properly embedded and auditable.
Complete a full assessment of the firm’s websites and sign-up sites to ensure that the requests for permission to use customer data are suitably comprehensive and adequate.
Complete a full review of the firm’s data protection policies and procedures and update them appropriately, particularly in relation to how the firm processes its customer data.
Complete a full assessment of the firm’s technology arrangements (including a penetration test) and create a plan to upgrade the arrangements, so that they are secure and comply with the new GDPR requirements.
Design and implement a training and development activity to help the firm’s staff understand their role in data protection and ensure they are suitably skilled and knowledgeable.