Data Protection & GDPR
Health Check
Service Overview
Ensuring Your Data Supports Your Business
You must make the best use of today's digital information to deliver the optimal level of service and
support to your customers. In a climate where all forms of data are becoming more and more
valuable for clients, customers and malicious Third Parties, measures must be taken to ensure
effective privacy and protection of this data whilst allowing you to use it for greatest commercial
impact.
Furthermore, data protection laws and ever increasing regulatory and commercial pressure on the
use of information are vital issues that impact on every organisation. The EU General Data
Protection Regulation (GDPR) represents possibly the biggest change to data protection law and
affects every organisation that controls or processes Personally Identifiable Information (PII) of EU
customers and/or employees.
DVV Solutions understands that in order to ensure the ongoing services you offer are delivered in
line with GDPR and other regulations, your organisation must first gain an understanding of the
privacy risk areas you face and what exposure these risks leave you with. Not until those risks are
identified and understood will you be able to mitigate those risks accordingly.
DVV Solutions are able to assist you with this burden through a comprehensive Data Protection and
GDPR Health Check providing an independent objective assessment of your organisation’s current
data protection and compliance posture.
Your Data Protection & GDPR Health Check
Your Data Protection and GDPR Health Check is a business critical tool that is designed to identify
how the organisation stands in relation to data protection legislation whilst also assessing the
organisation's data protection posture.
> Assessment of data processing in relation to the 6 Principles of GDPR
> Assessment of privacy notices and DSAR processes
> Assessment of your applicable GDPR policies and documentation
> Assessment of your processes in relation to the 8 ‘rights’ of data subjects
> Assessment of technical data security capabilities
> Assessment of relationships with data processors
> Assessment of Staff training and awareness
> Assessment of Incident Response & Breach reporting
The Health Check Process
DVV Solutions will undertake a comprehensive program of work in order to fully evaluate your
current data protection and privacy posture and the risks to your data.
Engaging our services allows your organisation to appoint dedicated industry professionals who have
the knowledge and expertise of data protection law and practices to ensure and demonstrate
compliance with regulations including the Data Protection Act, 1998 (DPA) and GDPR.
Your Data Protection and GDPR Health Check will be built upon our 3 step process:
1. Current State Review
Evaluation of current documented policies and procedures.
Builds understanding of current state and structures in order to successfully execute a
thorough assessment.
2. Consultation & Assessment
Face to face evidencing of current state with key stakeholders and function owners.
Develops an understanding of operational environment and practical implications of data
privacy and management within the organisation.
3. Analysis & Reporting
Evaluates the impact and effectiveness of the data management, security and risk controls in
place.
Reports on current gaps and key data risks.
Provides detailed recommendations for improvements to data management, regulatory
compliance and security posture.
Performing the Health Check
A schedule of meetings and assessment activities will be agreed with the nominated
single point of contact and the identified business areas. This will be reviewed in a
meeting or call in advance to ensure that the interviews are with an appropriate mix of managerial
and operational staff and cover all of the control areas necessary to establish an assurance rating.
A draft schedule and list of the controls to be covered will be provided in advance.
While on site the assessment team will meet with staff to establish if controls are in place to ensure
the organisation complies with its data protection responsibilities. This will include interviews with
staff, reviewing relevant records and, if necessary, observing procedures being implemented in
practice. DVV Solutions may require access to relevant staff ‘desk side’ where possible to understand
how staff process personal data (limited to the scope provided).
Space will usually be allocated in the schedule of interviews for testing and evidence gathering.
DVV Solutions will consider the extent to which any Internal Audit department includes data
protection audits in their programs of audit or compliance work to avoid duplication of work.
A nominated single point of contact will be required to be available throughout the process to
provide support and exchange feedback on progress. DVV Solutions believes that regular feedback
should assist both the assessor and the organisation to quickly understand and address emerging
issues and concerns and help to avoid any misunderstanding.
Pre-Health Check Requirements
The following documents, if available, should be sent to the assessors prior to the fieldwork
commencing.
> Organisation Chart including Roles and Responsibilities
> Data Protection Policy
> Processor / Employee Confidentiality Agreement
> Records Retention Policy
> Subject Access Request Procedure
> Personal Data Breach Policy and Procedure
> Data Impact Assessment Process
> Data Sharing Policy and Data Sharing/Processing Contract example
> Procedure for International Transfers of Personal Data
> Data Collection Forms
> Fair Processing Notices
> Any other policy you feel may be relevant to Data Protection & Privacy
Business Familiarisation & Documentation Assessment
A comprehensive assessment of the organisation’s documentation in relation to
data protection practices will be carried out. This will be done in order to understand operational
aspects of the organisation and how they interlink with data protection practices.
Any gaps or conflicting policies will be highlighted as part of this assessment. This stage allows the
assessors to familiarise themselves with business processes.
Onsite Fieldwork
At the start of the visit, we will arrange for an opening meeting with appropriate members of your
senior management to explain the process to them. This provides an opportunity to discuss any
issues and agree the data gathering process.
The methodology used by the assessment team during the on-site visit is primarily a written
response and interview based approach. Prior to onsite fieldwork the assessment team will
distribute a series of questionnaires to the single point of contact, for completion by the appropriate
stakeholders/process owners for subsequent verification during the interview phase.
During the visit all assessors will make notes from interviews, observations and testing. This may be
supplemented by visual inspections and examinations of selected uses of personal data within the
organisation.
It is of paramount importance that questions posed by the assessment team be answered
comprehensively and accurately. The questions asked, and evidence gathered, would depend on the
scope areas agreed in the letter of engagement. However, there are some generic areas that are
normally covered within each scope area.
Upon completion of the assessment visit, the assessment team will hold a meeting with the
organisation’s management. If any major concerns have been identified by the assessment team
they will be highlighted at this point. As far as possible, a general overview of progress will also be
given.
Administration of Engagement
Individual site arrangements for access and assessing will be channeled through a
nominated contact in your organisation.
Where possible, interviews will be carried out on the client’s premises, with the exception of
assessments and interviews undertaken at specialist technical sites, which may be conducted at a
pre-agreed location.
A room will be made available, where possible, to DVV Solutions assessors at sites identified in the
schedule to carry out interviews, when it is not appropriate to work ‘desk side’, or while they are not
conducting interviews.
Schedule of Key Events
In order to provide you with an expectation of the overall level of effort required and target
timescales to execute the program of works we provide the following outline schedule of key events
and milestones in undertaking the Health Check:
> Acceptance of proposal by client
> Engagement letter sent to client
> Signed engagement letter received
> Organisation’s documentation received
> Business Familiarisation & Documentation Assessment commences
> Scoping meeting with nominated point of contact to confirm process and schedule
> Date of on-site visit(s) and schedule of interviews/work confirmed
> Distribution and completion of GDPR questionnaires
> Assessor attendance on site – fieldwork carried out
> Health Check Report issued within 14 days of fieldwork being completed
> Completion meeting / conference call where report is presented
Note: Schedule and timelines may be subject to final agreement and the availability of relevant
parties and documentation.
Data Protection and GDPR Health Check
Scope of Work
The scope of the Data Protection and GDPR Health Check and assessment activities will assess the
risk of non-compliance with appropriate data protection principles, the utilisation of Information
Commissioner’s Office (ICO) guidance and good practice notes and the effectiveness of data
protection activities with specific reference to:
> Data protection governance - The extent to which data protection responsibility, policies
and procedures, performance measurement controls, and reporting mechanisms to
monitor DPA compliance are in place and in operation throughout the organisation.
> Training and awareness - The adequacy of current provision and monitoring of staff data
protection training and the awareness of data protection requirements relating to their
roles and responsibilities.
> Records management - The processes in place for managing both electronic and manual
records containing personal data. This will include controls in place to monitor the
creation, maintenance, storage, movement, retention and destruction of PII data records.
> Security of personal data - The technical and organisational measures in place to ensure
that there is adequate security over personal data held in manual or electronic form.
> Subject access requests - The procedures in operation for recognising and responding to
individuals’ requests for access to their personal data.
> Data sharing - The design and operation of controls to ensure the sharing of personal
data complies with the principles of the DPA and GDPR and the good practice
recommendations set out in the ICO Data Sharing Code of Practice.
Out of Scope
DVV Solutions will restrict its assessment activity to the departments and locations detailed and
agreed within the scope. The Data Protection and GDPR Health Check will not review and provide a
commentary on individual cases, other than to the extent that such work may demonstrate the
extent to which your organisation is fulfilling its obligations and demonstrating good practice.
DVV Solutions, however, retains the right to comment on any other weaknesses observed in the
course of the assessment process that could compromise good data protection practice.
Expected Added Value
Your Data Protection and GDPR Health Check is intended to address the areas of
greatest risk and impact, and give you detailed guidance. As a result it can provide
the following commercial benefits to your organisation:
Minimised Risks – in-depth gap analysis of your existing processes will help to identify
any potential risks or breaches ensuring processes are more aligned with the regulation.
Improved Staff Awareness - staff and senior management will learn from each other
about real life data protection issues and be enabled to develop better, standardised
policies and processes. Understanding what regulations mean to their roles and the
organisation will also develop greater commitment to achieving compliance.
Improved Management and Security of Data Processing – data mapping exercises will
give you and your team greater awareness of, and control over, the data you hold, who
it is shared with, and what you need to do to protect it.
Greater Ability to Manage Risks – we will help you understand how to complete a Data
Protection Impact Assessment (DPIA), an important tool in helping you to identify and
mitigate data risks when reviewing existing or new projects and suppliers.
Auditable Document Trail – we can provide you with the necessary templates to create
a document trail that demonstrates evidence of your efforts to achieve and
maintain GDPR compliant processes and practices.
Improved Reputation – by ensuring you only process data where you have the right to
do so and improving the way you manage data, you will increase confidence in your
brand and reduce the risk of fines and subsequent reputational damage.
Streamlined and Simplified Route to GDPR Compliance – our expert team are able to
navigate you through complex and time-intensive compliance processes and
documentation to ensure you get the most effective and cost-efficient outcomes.
About DVV Solutions
As specialists in Data Protection, Privacy and Governance we provide our clients with a service of the
highest quality in a professional, commercial and responsive manner. We aim to assist you in
enabling your organisation to reach its maximum potential in line with data protection and privacy
regulations.
Since 2014, we have been audited and are accredited to ISO14001 standards and in 2016 were also
certified to the UK Government’s Cyber Essentials Scheme.
Our ethos is to provide you the best value for money by offering the highest quality of service within
a clear and consistent cost model. We do this by leveraging our extensive experience in the IT
services sector and our best-of-breed technology and service partners.
Start Your Health Check Today
Let DVV Solutions help you in ensuring the PII data of your Customers and Employees is secure,
protected and managed within GDPR’s strict regulations with a Data Protection & GDPR Health Check.
We’ll deliver a cost-effective program of work that helps you to achieve the level of data protection,
privacy and GDPR compliance that your business requires.
Contact us to start building your Data Protection & GDPR Health Check today.
Call Us on +44 (0) 161 476 8700

Third Party Risk Assessment Due Diligence - Managed Service as Best Practice
 

Recently uploaded

The Fraud Examiner’s Report – What the Certified Fraud Examiner Should Know
The Fraud Examiner’s Report –  What the Certified Fraud Examiner Should KnowThe Fraud Examiner’s Report –  What the Certified Fraud Examiner Should Know
The Fraud Examiner’s Report – What the Certified Fraud Examiner Should Know
Godwin Emmanuel Oyedokun MBA MSc PhD FCA FCTI FCNA CFE FFAR
 
Generate Revenue with Contact Center Business Model Strategy
Generate Revenue with Contact Center Business Model StrategyGenerate Revenue with Contact Center Business Model Strategy
Generate Revenue with Contact Center Business Model Strategy
RNayak3
 
Expert Tips for Pruning Your Plants.pdf.
Expert Tips for Pruning Your Plants.pdf.Expert Tips for Pruning Your Plants.pdf.
Expert Tips for Pruning Your Plants.pdf.
Local Gardeners
 
WORK PERMIT IN NORWAY | WORK VISA SERVICE
WORK  PERMIT  IN  NORWAY | WORK VISA SERVICEWORK  PERMIT  IN  NORWAY | WORK VISA SERVICE
WORK PERMIT IN NORWAY | WORK VISA SERVICE
RKIMT
 
Sustainable Solutions for Chemical Waste Disposal by Summerland Environmental...
Sustainable Solutions for Chemical Waste Disposal by Summerland Environmental...Sustainable Solutions for Chemical Waste Disposal by Summerland Environmental...
Sustainable Solutions for Chemical Waste Disposal by Summerland Environmental...
Summerland Environmental
 
Copy Trading Forex Brokers 2024 ptx
Copy Trading Forex Brokers 2024      ptxCopy Trading Forex Brokers 2024      ptx
Copy Trading Forex Brokers 2024 ptx
Brokerreviewfx
 
METS Lab SASO Certificate Services in Dubai.pdf
METS Lab SASO Certificate Services in Dubai.pdfMETS Lab SASO Certificate Services in Dubai.pdf
METS Lab SASO Certificate Services in Dubai.pdf
sandeepmetsuae
 
3 Examples of new capital gains taxes in Canada
3 Examples of new capital gains taxes in Canada3 Examples of new capital gains taxes in Canada
3 Examples of new capital gains taxes in Canada
Lakshay Gandhi
 
Electrical Testing Lab Services in Dubai.pdf
Electrical Testing Lab Services in Dubai.pdfElectrical Testing Lab Services in Dubai.pdf
Electrical Testing Lab Services in Dubai.pdf
sandeepmetsuae
 
Solar powered Security Camera- Sun In One
Solar powered Security Camera- Sun In OneSolar powered Security Camera- Sun In One
Solar powered Security Camera- Sun In One
John McHale
 
Top 10 Challenges That Every Web Designer Face on A Daily Basis.pptx
Top 10 Challenges That Every Web Designer Face on A Daily Basis.pptxTop 10 Challenges That Every Web Designer Face on A Daily Basis.pptx
Top 10 Challenges That Every Web Designer Face on A Daily Basis.pptx
e-Definers Technology
 
The study compares AMUSE's FDM and MJF 3D printing technologies.pptx
The study compares AMUSE's FDM and MJF 3D printing technologies.pptxThe study compares AMUSE's FDM and MJF 3D printing technologies.pptx
The study compares AMUSE's FDM and MJF 3D printing technologies.pptx
Amuse
 
Best Immigration Consultants in Amritsar- SAGA Studies
Best Immigration Consultants in Amritsar- SAGA StudiesBest Immigration Consultants in Amritsar- SAGA Studies
Best Immigration Consultants in Amritsar- SAGA Studies
SAGA Studies
 
Emmanuel Katto Uganda - A Philanthropist
Emmanuel Katto Uganda - A PhilanthropistEmmanuel Katto Uganda - A Philanthropist
Emmanuel Katto Uganda - A Philanthropist
Marina Costa
 
Top Challenges Faced by High-Risk Merchants and How to Overcome Them.pptx
Top Challenges Faced by High-Risk Merchants and How to Overcome Them.pptxTop Challenges Faced by High-Risk Merchants and How to Overcome Them.pptx
Top Challenges Faced by High-Risk Merchants and How to Overcome Them.pptx
Merchantech - Payment Processing Services
 
Siddhivinayak temple timings Houston, TX
Siddhivinayak temple timings Houston, TXSiddhivinayak temple timings Houston, TX
Siddhivinayak temple timings Houston, TX
gaurisiddhivinayakte
 
The best Social Media Spy Apps for Catching Your Unfaithful Wife.pdf
The best Social Media Spy Apps for Catching Your Unfaithful Wife.pdfThe best Social Media Spy Apps for Catching Your Unfaithful Wife.pdf
The best Social Media Spy Apps for Catching Your Unfaithful Wife.pdf
tonytkelly6
 
How Do Love Spells Really Work? The Secret to Get Your Ex Back Fast, Powerful...
How Do Love Spells Really Work? The Secret to Get Your Ex Back Fast, Powerful...How Do Love Spells Really Work? The Secret to Get Your Ex Back Fast, Powerful...
How Do Love Spells Really Work? The Secret to Get Your Ex Back Fast, Powerful...
Traditional Healer, Love Spells Caster and Money Spells That Work Fast
 
eBrand Promotion Full Service Digital Agency Company Profile
eBrand Promotion Full Service Digital Agency Company ProfileeBrand Promotion Full Service Digital Agency Company Profile
eBrand Promotion Full Service Digital Agency Company Profile
ChimaOrjiOkpi
 
Enhance Your Home with Professional Painting Services
Enhance Your Home with Professional Painting ServicesEnhance Your Home with Professional Painting Services
Enhance Your Home with Professional Painting Services
Perfect Industrial
 

Recently uploaded (20)

The Fraud Examiner’s Report – What the Certified Fraud Examiner Should Know
The Fraud Examiner’s Report –  What the Certified Fraud Examiner Should KnowThe Fraud Examiner’s Report –  What the Certified Fraud Examiner Should Know
The Fraud Examiner’s Report – What the Certified Fraud Examiner Should Know
 
Generate Revenue with Contact Center Business Model Strategy
Generate Revenue with Contact Center Business Model StrategyGenerate Revenue with Contact Center Business Model Strategy
Generate Revenue with Contact Center Business Model Strategy
 
Expert Tips for Pruning Your Plants.pdf.
Expert Tips for Pruning Your Plants.pdf.Expert Tips for Pruning Your Plants.pdf.
Expert Tips for Pruning Your Plants.pdf.
 
WORK PERMIT IN NORWAY | WORK VISA SERVICE
WORK  PERMIT  IN  NORWAY | WORK VISA SERVICEWORK  PERMIT  IN  NORWAY | WORK VISA SERVICE
WORK PERMIT IN NORWAY | WORK VISA SERVICE
 
Sustainable Solutions for Chemical Waste Disposal by Summerland Environmental...
Sustainable Solutions for Chemical Waste Disposal by Summerland Environmental...Sustainable Solutions for Chemical Waste Disposal by Summerland Environmental...
Sustainable Solutions for Chemical Waste Disposal by Summerland Environmental...
 
Copy Trading Forex Brokers 2024 ptx
Copy Trading Forex Brokers 2024      ptxCopy Trading Forex Brokers 2024      ptx
Copy Trading Forex Brokers 2024 ptx
 
METS Lab SASO Certificate Services in Dubai.pdf
METS Lab SASO Certificate Services in Dubai.pdfMETS Lab SASO Certificate Services in Dubai.pdf
METS Lab SASO Certificate Services in Dubai.pdf
 
3 Examples of new capital gains taxes in Canada
3 Examples of new capital gains taxes in Canada3 Examples of new capital gains taxes in Canada
3 Examples of new capital gains taxes in Canada
 
Electrical Testing Lab Services in Dubai.pdf
Electrical Testing Lab Services in Dubai.pdfElectrical Testing Lab Services in Dubai.pdf
Electrical Testing Lab Services in Dubai.pdf
 
Solar powered Security Camera- Sun In One
Solar powered Security Camera- Sun In OneSolar powered Security Camera- Sun In One
Solar powered Security Camera- Sun In One
 
Top 10 Challenges That Every Web Designer Face on A Daily Basis.pptx
Top 10 Challenges That Every Web Designer Face on A Daily Basis.pptxTop 10 Challenges That Every Web Designer Face on A Daily Basis.pptx
Top 10 Challenges That Every Web Designer Face on A Daily Basis.pptx
 
The study compares AMUSE's FDM and MJF 3D printing technologies.pptx
The study compares AMUSE's FDM and MJF 3D printing technologies.pptxThe study compares AMUSE's FDM and MJF 3D printing technologies.pptx
The study compares AMUSE's FDM and MJF 3D printing technologies.pptx
 
Best Immigration Consultants in Amritsar- SAGA Studies
Best Immigration Consultants in Amritsar- SAGA StudiesBest Immigration Consultants in Amritsar- SAGA Studies
Best Immigration Consultants in Amritsar- SAGA Studies
 
Emmanuel Katto Uganda - A Philanthropist
Emmanuel Katto Uganda - A PhilanthropistEmmanuel Katto Uganda - A Philanthropist
Emmanuel Katto Uganda - A Philanthropist
 
Top Challenges Faced by High-Risk Merchants and How to Overcome Them.pptx
Top Challenges Faced by High-Risk Merchants and How to Overcome Them.pptxTop Challenges Faced by High-Risk Merchants and How to Overcome Them.pptx
Top Challenges Faced by High-Risk Merchants and How to Overcome Them.pptx
 
Siddhivinayak temple timings Houston, TX
Siddhivinayak temple timings Houston, TXSiddhivinayak temple timings Houston, TX
Siddhivinayak temple timings Houston, TX
 
The best Social Media Spy Apps for Catching Your Unfaithful Wife.pdf
The best Social Media Spy Apps for Catching Your Unfaithful Wife.pdfThe best Social Media Spy Apps for Catching Your Unfaithful Wife.pdf
The best Social Media Spy Apps for Catching Your Unfaithful Wife.pdf
 
How Do Love Spells Really Work? The Secret to Get Your Ex Back Fast, Powerful...
How Do Love Spells Really Work? The Secret to Get Your Ex Back Fast, Powerful...How Do Love Spells Really Work? The Secret to Get Your Ex Back Fast, Powerful...
How Do Love Spells Really Work? The Secret to Get Your Ex Back Fast, Powerful...
 
eBrand Promotion Full Service Digital Agency Company Profile
eBrand Promotion Full Service Digital Agency Company ProfileeBrand Promotion Full Service Digital Agency Company Profile
eBrand Promotion Full Service Digital Agency Company Profile
 
Enhance Your Home with Professional Painting Services
Enhance Your Home with Professional Painting ServicesEnhance Your Home with Professional Painting Services
Enhance Your Home with Professional Painting Services
 

Data Protection & GDPR Health Check Service Overview

  • 1. Data Protection & GDPR Health Check Service Overview
  • 2. Ensuring Your Data Supports Your Business

    You must make the best use of today's digital information to deliver the optimal level of service and support to your customers. In a climate where all forms of data are becoming more and more valuable for clients, customers and malicious Third Parties, measures must be taken to ensure effective privacy and protection of this data whilst allowing you to use it for greatest commercial impact.

    Furthermore, data protection laws and ever increasing regulatory and commercial pressure on the use of information are vital issues that impact on every organisation. The EU General Data Protection Regulation (GDPR) represents possibly the biggest change to data protection law and affects every organisation that controls or processes Personally Identifiable Information (PII) of EU customers and/or employees.

    DVV Solutions understands that in order to ensure the ongoing services you offer are delivered in line with GDPR and other regulations, your organisation must first gain an understanding of the privacy risk areas you face and what exposure these risks leave you with. Not until those risks are identified and understood will you be able to mitigate those risks accordingly.

    DVV Solutions are able to assist you with this burden through a comprehensive Data Protection and GDPR Health Check providing an independent objective assessment of your organisation’s current data protection and compliance posture.

    Your Data Protection & GDPR Health Check

    Your Data Protection and GDPR Health Check is a business critical tool that is designed to identify how the organisation stands in relation to data protection legislation whilst also assessing the organisation's data protection posture.

    - Assessment of data processing in relation to the 6 Principles of GDPR
    - Assessment of privacy notices and DSAR processes
    - Assessment of your applicable GDPR policies and documentation
    - Assessment of your processes in relation to the 8 ‘rights’ of data subjects
    - Assessment of technical data security capabilities
    - Assessment of relationships with data processors
    - Assessment of Staff training and awareness
    - Assessment of Incident Response & Breach reporting
  • 3. The Health Check Process

    DVV Solutions will undertake a comprehensive program of work in order to fully evaluate your current data protection and privacy posture and the risks to your data. Engaging our services allows your organisation to appoint dedicated industry professionals who have the knowledge and expertise of data protection law and practices to ensure and demonstrate compliance with regulations including the Data Protection Act, 1998 (DPA) and GDPR.

    Your Data Protection and GDPR Health Check will be built upon our 3 step process:

    - Current State Review: Evaluation of current documented policies and procedures. Builds understanding of current state and structures in order to successfully execute a thorough assessment.
    - Consultation & Assessment: Face to face evidencing of current state with key stakeholders and function owners. Develops an understanding of operational environment and practical implications of data privacy and management within the organisation.
    - Analysis & Reporting: Evaluates the impact and effectiveness of the data management, security and risk controls in place. Reports on current gaps and key data risks. Provides detailed recommendations for improvements to data management, regulatory compliance and security posture.
  • 4. Performing the Health Check

    A schedule of meetings and assessment activities will be agreed with the nominated single point of contact and the identified business areas. This will be reviewed in a meeting or call in advance to ensure that the interviews are with an appropriate mix of managerial and operational staff and cover all of the control areas necessary to establish an assurance rating. A draft schedule and list of the controls to be covered will be provided in advance.

    While on site the assessment team will meet with staff to establish if controls are in place to ensure the organisation complies with its data protection responsibilities. This will include interviews with staff, reviewing relevant records and, if necessary, observing procedures being implemented in practice.

    DVV Solutions may require access to relevant staff ‘desk side’ where possible to understand how staff process personal data (limited to the scope provided). Space will usually be allocated in the schedule of interviews for testing and evidence gathering.

    DVV Solutions will consider the extent to which any Internal Audit department includes data protection audits in their programs of audit or compliance work to avoid duplication of work.

    A nominated single point of contact will be required to be available throughout the process to provide support and exchange feedback on progress. DVV Solutions believes that regular feedback should assist both the assessor and the organisation to quickly understand and address emerging issues and concerns and help to avoid any misunderstanding.

    Pre-Health Check Requirements

    The following documents, if available, should be sent to the assessors prior to the fieldwork commencing.

    - Organisation Chart including Roles and Responsibilities
    - Data Protection Policy
    - Processor / Employee Confidentiality Agreement
    - Records Retention Policy
    - Subject Access Request Procedure
    - Personal Data Breach Policy and Procedure
    - Data Impact Assessment Process
    - Data Sharing Policy and Data Sharing/Processing Contract example
    - Procedure for International Transfers of Personal Data
    - Data Collection Forms
    - Fair Processing Notices
    - Any other policy you feel may be relevant to Data Protection & Privacy
  • 5. Business Familiarisation & Documentation Assessment

    A comprehensive assessment of the organisation’s documentation in relation to data protection practices will be carried out. This will be done in order to understand operational aspects of the organisation and how they interlink with data protection practices. Any gaps or conflicting policies will be highlighted as part of this assessment. This stage allows the assessors to familiarise themselves with business processes.

    Onsite Fieldwork

    At the start of the visit, we will arrange for an opening meeting with appropriate members of your senior management to explain the process to them. This provides an opportunity to discuss any issues and agree the data gathering process.

    The methodology used by the assessment team during the on-site visit is primarily a written response and interview based approach. Prior to onsite fieldwork the assessment team will distribute a series of questionnaires to the single point of contact, for completion by the appropriate stakeholders/process owners for subsequent verification during the interview phase.

    During the visit all assessors will make notes from interviews, observations and testing. This may be supplemented by visual inspections and examinations of selected uses of personal data within the organisation. It is of paramount importance that questions posed by the assessment team be answered comprehensively and accurately. The questions asked, and evidence gathered, would depend on the scope areas agreed in the letter of engagement. However, there are some generic areas that are normally covered within each scope area.

    Upon completion of the assessment visit, the assessment team will hold a meeting with the organisation’s management. If any major concerns have been identified by the assessment team they will be highlighted at this point. As far as possible, a general overview of progress will also be given.
  • 6. Administration of Engagement

    Individual site arrangements for access and assessing will be channeled through a nominated contact in your organisation. Where possible, interviews will be carried out on the client’s premises, with the exception of assessments and interviews undertaken at specialist technical sites, which may be conducted at a pre-agreed location.

    A room will be made available, where possible, to DVV Solutions assessors at sites identified in the schedule to carry out interviews, when it is not appropriate to work ‘desk side’, or while they are not conducting interviews.

    Schedule of Key Events

    In order to provide you with an expectation of the overall level of effort required and target timescales to execute the program of works, we provide the following outline schedule of key events and milestones in undertaking the Health Check:

    - Acceptance of proposal by client
    - Engagement letter sent to client
    - Signed engagement letter received
    - Organisation’s documentation received
    - Business Familiarisation & Documentation Assessment commences
    - Scoping meeting with nominated point of contact to confirm process and schedule
    - Date of on-site visit(s) and schedule of interviews/work confirmed
    - Distribution and completion of GDPR questionnaires
    - Assessor attendance on site – fieldwork carried out
    - Health Check Report issued within 14 days of fieldwork being completed
    - Completion meeting / conference call where report is presented

    Note: Schedule and timelines may be subject to final agreement and the availability of relevant parties and documentation.
  • 7. Data Protection and GDPR Health Check Scope of Work

    The scope of the Data Protection and GDPR Health Check and assessment activities will assess the risk of non-compliance with appropriate data protection principles, the utilisation of Information Commissioner’s Office (ICO) guidance and good practice notes and the effectiveness of data protection activities with specific reference to:

    - Data protection governance - The extent to which data protection responsibility, policies and procedures, performance measurement controls, and reporting mechanisms to monitor DPA compliance are in place and in operation throughout the organisation.
    - Training and awareness - The adequacy of current provision and monitoring of staff data protection training and the awareness of data protection requirements relating to their roles and responsibilities.
    - Records management - The processes in place for managing both electronic and manual records containing personal data. This will include controls in place to monitor the creation, maintenance, storage, movement, retention and destruction of PII data records.
    - Security of personal data - The technical and organisational measures in place to ensure that there is adequate security over personal data held in manual or electronic form.
    - Subject access requests - The procedures in operation for recognising and responding to individuals’ requests for access to their personal data.
    - Data sharing - The design and operation of controls to ensure the sharing of personal data complies with the principles of the DPA and GDPR and the good practice recommendations set out in the ICO Data Sharing Code of Practice.

    Out of Scope

    DVV Solutions will restrict its assessment activity to the departments and locations detailed and agreed within the scope.

    The Data Protection and GDPR Health Check will not review and provide a commentary on individual cases, other than to the extent that such work may demonstrate the extent to which your organisation is fulfilling its obligations and demonstrating good practice. DVV Solutions, however, retains the right to comment on any other weaknesses observed in the course of the assessment process that could compromise good data protection practice.
  • 8. Expected Added Value

    Your Data Protection and GDPR Health Check is intended to address the areas of greatest risk and impact, and give you detailed guidance. As a result it can provide the following commercial benefits to your organisation:

    - Minimised Risks – in-depth gap analysis of your existing processes will help to identify any potential risks or breaches, ensuring processes are more aligned with the regulation.
    - Improved Staff Awareness – staff and senior management will learn from each other about real life data protection issues and be enabled to develop better, standardised policies and processes. Understanding what regulations mean to their roles and the organisation will also develop greater commitment to achieving compliance.
    - Improved Management and Security of Data Processing – data mapping exercises will give you and your team greater awareness of, and control over, the data you hold, who it is shared with, and what you need to do to protect it.
    - Greater Ability to Manage Risks – we will help you understand how to complete a Data Protection Impact Assessment (DPIA), an important tool in helping you to identify and mitigate data risks when reviewing existing or new projects and suppliers.
    - Auditable Document Trail – we can provide you with the necessary templates to put a document trail in place that demonstrates evidence of your efforts to achieve and maintain GDPR compliant processes and practices.
    - Improved Reputation – by ensuring you only process data where you have the right to do so and improving the way you manage data, you will increase confidence in your brand and reduce the risk of fines and subsequent reputational damage.
    - Streamlined and Simplified Route to GDPR Compliance – our expert team are able to navigate you through complex and time-intensive compliance processes and documentation to ensure you get the most effective and cost-efficient outcomes.
  • 9. About DVV Solutions

    As specialists in Data Protection, Privacy and Governance we provide our clients with a service of the highest quality in a professional, commercial and responsive manner. We aim to assist you in enabling your organisation to reach its maximum potential in line with data protection and privacy regulations.

    Since 2014, we have been audited and are accredited to ISO14001 standards and in 2016 were also certified to the UK Government’s Cyber Essentials Scheme.

    Our ethos is to provide you the best value for money by offering the highest quality of service within a clear and consistent cost model. We do this by leveraging our extensive experience in the IT services sector and our best-of-breed technology and service partners.

    Start Your Health Check Today

    Let DVV Solutions help you in ensuring the PII data of your Customers and Employees is secure, protected and managed within GDPR’s strict regulations with a Data Protection & GDPR Health Check. We’ll deliver a cost-effective program of work that helps you to achieve the level of data protection, privacy and GDPR compliance that your business requires.

    Contact us to start building your Data Protection & GDPR Health Check today. Call Us on +44 (0) 161 476 8700