Follow our advice to make sure your organisation is GDPR-compliant and avoids disciplinary action.
After a relatively quiet few months, the EU GDPR (General Data Protection Regulation) is back in the news. Organisations have been waiting uneasily since the dramatics of the 25 May 2018 compliance deadline, wondering what the Regulation will look like in practice and whether its much-discussed fines will become a reality.
They got their answer last week, when German chat app Knuddels became the first organisation to receive a substantial penalty under the GDPR. Hotel giant Marriott, which recently confirmed that up to 500 million customers had been affected by a data breach, could be next.
These incidents should act as warnings to everyone. You can now be certain that violations will be punished, and although there have been no blockbuster fines so far, it’s worth remembering that the few infractions that have been penalised were relatively minor or mitigated by an effective response. Serious failings will be met with much harsher penalties.
Make sure you don’t have any compliance gaps
Your organisation will have changed since beginning its GDPR compliance journey, so it’s important to make sure you haven’t fallen out of compliance or overlooked anything.
The only way to do that is to conduct an internal audit. This involves a thorough review of your practices, comparing them to the Regulation’s requirements. It must be performed by a GDPR expert, as they are the only people who will know for sure whether you’ve interpreted the requirements correctly.
If you don’t have an expert on board, or you do but they don’t have time to complete an audit, there’s no need to panic. Our GDPR Audit Service includes everything you need to review your compliance posture.
Our privacy specialists will audit the adequacy and effectiveness of your privacy management and information security practices, and provide a detailed report of their findings.
The report will explain areas of weakness and greatest risk, in addition to areas of particularly good practice that have been identified. Prioritised recommendations will be highlighted to help you develop an action plan to address weaknesses and risks.