This service has been developed by Skills Team Training as a professional GDPR Audit focusing on helping Business Owners and Managers create, implement and stay GDPR compliant with EU GDPR Regulations.
The GDPR Audit Journey
GDPR GAP Assessment
GDPR Audit – implementation to ensure GDPR accountability
The GDPR GAP Assessment is held over one day and drives the focus of the GDPR audit.
Only after the GAP analysis is carried out will we know what your business has in place and what the needs are.
We then offer ongoing support to you, as it’s critical that your business treats GDPR as an ongoing compliance concern.
1. GDPR Gap Assessment
To understand your business's GDPR starting point, we will conduct a GDPR GAP Assessment on-site in partnership with you to determine your Data Protection readiness, aims, and key areas of concern. This typically takes 1 day.
We ask strategic questions on your data around the following areas:
Governance and accountability
Data Collection and Processing
Privacy Statement & Direct Marketing
Data Storage & Security
Data Subject Rights
Data Retention & Deletion
After completion of the above, you will receive an analysis showing audit evidence and opportunities for improvement. This will lead you on to the GDPR Audit.
2. GDPR Audit – Implementation to ensure GDPR accountability
Based on the results from the GDPR GAP Assessment, we will clearly outline any further steps/opportunities needed for GDPR accountability. This often includes, but is not limited to:
Assess existing policies and where required design policies to manage and mitigate risk. You will receive updated policies including data subjects’ rights and firms’ obligations.
Advise that direct marketing activities (if carried out) are in line with GDPR requirements and PECR.
Advise that all employees receive appropriate data protection training.
Further assistance with a data retention schedule and policy (customer and employee data) – your business needs to be aware of how long data should be kept based on either regulatory bodies or your firm’s business justifications.
Further assistance with data mapping – your business needs to understand how much personal data is retained, where it is stored and with whom it is shared.
Further assistance with GDPR Technology to examine what security measures must be in place to protect the data and any other arrangements. Most companies outsource IT; however, from a GDPR Accountability viewpoint there needs to be evidence that appropriate security and organizational measures are in place.
Further assistance with GDPR HR requirements – drafting employee and recruitment privacy policies if required.
Drafting of data processor agreements and structures in place to ensure international transfer compliance.
We aim to work closely with you to comply with GDPR and ensure all opportunities for improvement are attained.
3. Ongoing Support
GDPR needs to be consistent and not treated as a once-off project. Your business needs to stay up to speed with annual training and ensure it knows how GDPR will impact your employees and your customers. Fines can be imposed; therefore, your business needs to assess the cost of implementation versus a potential fine.
Who is this service for?
This service is for Business Owners and Managers to create, implement and stay GDPR compliant with EU GDPR Regulations.
How is the service delivered?
This service is delivered over the number of days that you choose, in the timeframe that suits you. For example, we can deliver one full day every week, or space the days out every two weeks, etc.