Initially, we carried out a thorough data review to understand on our client’s current standing. This included:
- Inventory and data mapping to give an accurate overview of the pattern of data-flows.
- Review of governance structure, controls and relevant policies and procedures.
- On site interviews with key members of staff as well as the senior management team.
- Review of the new digital data management system that our client had selected.
When we benchmarked our findings against GDPR requirements, we uncovered a host of issues that needed to be addressed, primarily:
- Inconsistencies across the business in the way data and data breaches are handled.
- Outdated privacy statements and policies.
- Gaps in the process for recording and managing consent, and in the data subject access request process.
- Deficiencies in the new digital data management system around effective data minimisation, anonymisation, portability and deletion.
Having identified the key priorities, we then created a detailed implementation plan. Our clear game plan took the pressure off our client’s team, allowing it to easily make the required changes before the GDPR deadline and ultimately better protect its customers’ data.