General Data Protection Regulation Compliance Advisory

The General Data Protection Regulation (GDPR) enters into enforcement on 25th May 2018 to supersede the 1995 EU Data Protection Directive (95/46/EC). All organisations that process personally identifiable information (PII) of EU residents must comply with the regulation, regardless of where they are in the world.

The regulation extends the data protection rights of individuals and will require organisations to develop policies, procedures, measures and security controls to protect the personal data of their customers, employees and other affected parties.

Preparing for the GDPR

Some of the areas your organisation may need to address in terms of GDPR compliance include:

  • Appoint a GDPR owner
  • Establish a GDPR compliance project
  • Raise awareness internally within the organisation
  • Update or develop policies and procedures
  • Understand what personal data you hold and how it is processed
  • Assess risks to personal data and implement organisational measures
  • Review current privacy notice/s
  • Define/update subject access request procedures
  • Define/update procedures related to data breaches
  • Conduct Data Protection Impact Assessments (DPIA) on relevant projects

The scope of the project largely depends on the size of the business and the data it processes. Taking a risk-based approach will allow you to allocate your resources economically while working toward the highest value activities.

How we can help

We can help your organisation determine which compliance gaps it needs to address and establish a framework for data protection and information security. We do this by assessing your business context and developing suitable policies, procedures and information security controls using best practice standards and tools.

Services we provide:

  • GDPR compliance gap assessment workshop
  • GDPR awareness workshops
  • Policy and procedure development
  • IT security audit/assessment
  • Risk assessment workshops
  • Information security management system development
  • Incident/Change management system development

Please get in touch with us today to see how we can help you accelerate your GDPR project efforts. There is more detail on some of our services below.

GDPR Compliance Gap Assessment workshop

Kick-start your GDPR project with a detailed assessment of your organisation's current state of compliance against areas such as governance, risk management, roles and responsibilities, scope of compliance, PIMS, ISMS, rights of data subjects and more.

The report we produce as part of the gap assessment will highlight action items and points of focus you may want to give a higher priority as you build up your GDPR project roadmap.

GDPR Starter project

The starter package aims to help you accelerate your GDPR project and ease the burden on you by producing a number of key documents. Together these form a solid compliance framework from which to develop further policies and procedures as needed.

  • Data Protection Policy
  • Information Security Policy
  • PIMS and GDPR Objectives Record
  • Communications Procedure
  • Privacy Procedure
  • Privacy Notice
  • Subject Access Request Procedure
  • Complaints Procedure
  • Nonconformity and Corrective Action Procedure

Frequently Asked Questions

In brief, the rights of the individual under GDPR are:

  • The right to be informed regarding the collection and further processing of their personal data.
  • The right of access to obtain from the data controller a copy of their personal data.
  • The right to rectification of personal data if it is inaccurate or incomplete.
  • The right to erasure where consent is withdrawn or data is no longer needed for its original purpose.
  • The right to restrict processing of their personal data.
  • The right to data portability of data an individual has provided to a controller.
  • The right to object to processing of their personal data on certain grounds.
  • Rights in relation to automated decision making and profiling.

Examples of where we can help you define policies and procedures or align your existing documentation:

  • Data Protection Policy
  • Information Security Policy
  • Privacy Procedure
  • Communications Procedure
  • Privacy Notice
  • Subject Access Request Procedure
  • Subject Access Request Record
  • Complaints Procedure
  • Retention of Records Procedure
  • Data Protection Policy Management Review Procedure
  • Nonconformity and Corrective Action Procedure
  • Continual Improvement Procedure
  • Training Policy
  • Communication Procedure
  • Data Protection Impact Assessment Procedure

Company Info
CYWebDev Ltd
6 - 9 Trinity Street
Dublin 2

Registered in Ireland
Company number: 586213