Be Informed:

• Fact finding to determine scope, extent of personally identifiable information (PII) held
• Security environment, data handling policies, procedures and practices review
• Governance framework and compliance to existing data protection law review
• GDPR readiness review in your business today
• GDPR knowledge review of staff and management in your business

Be Aware:

• Data Controller, Data Processor identification, what responsibilities within your business
• Third Party involvement in handling personally identifiable information identified
• Private Information Register review/creation and risk rating considerations
• Cyber Security awareness review and risk considerations within your business
• Technology and system development strategy review within your business

Be In The Detail:

• Data mapping to establish type, location, nature of all personally identifiable information
• GDPR principles applied to personally identifiable data held to gauge level of compliance
• Person’s rights applied to test capabilities of database systems (manual/digital) to action
• GDPR principles of ‘Privacy By Design’, ‘Privacy by Default’ approach to review/test
• Cyber Security review of systems, software effectiveness, identify current vulnerabilities
• Company policies, procedures, notices review (privacy, cookie, security, data handling)
• Data Portability activities within the organisation, impact of GDPR compliance
• Subject Access Requests, Data Breaches, Breach Notifications procedures review
• Supervisory Authority information requests procedures review
• Future Governance Framework design/redesign going forwards

Be Careful: "Mind the Gap"

• Interim and final GAP analysis against GDPR regulations identified
• Remedial Action Plan creation to address the gaps in GDPR compliance
• Support implementation of remedial actions to close the gaps identified in policies, processes and systems