GDPR

What is GDPR?

GDPR, regulates the processing by an individual, a company or an organisation of personal data relating to individuals in the EU, and it was introduced to give European citizens control over their personal data. The UK adopted GDPR in 2018 under the Data Protection Act (DPA) 2018 and updated this in January 2021 to UK GDPR.  A critical concept within UK  GDPR is the Implementation of data protection by design and by default. This means that any action that involves processing personal data must be done with data protection and privacy built into every step. Once a product or service has been released, the strictest privacy settings must apply by default.

As a start up or an established financial services firm, what do you need to do to ensure you are complying with GDPR?

Are you complying with the General Data Protection Regulations?

Financial services firms process vast amounts of personal data on behalf of their customers, payment beneficiaries and employees. With recurring news stories of data breaches, the loss of  customer data, and the subsequent damage to reputation and trust, more emphasis is being placed on data security and GDPR compliance. We can help you with GDPR compliance in the following ways.

• Asset identification and data mapping- examining the categories of personal data collected by the firm, its journey through the data processing functions within your business and any third parties with whom the data is shared, the lawful basis relied upon to porocess the data and the controls in place to protect the data. 
• As we progress through each workshop we consolidate our findings in a Data Asset Inventory and Record of Processing.
• Perform an organisation wide gap analysis, examining where your data processing functions do not meet the requirements of GDPR, and providing recommendations and remediation guidance for your internal teams.
• Conduct Data Privacy Impact Assessments (DPIA) to help you to ensure data protection by design and default have been considered as part of a programme, project or process change and assess your compliance with your data protection obligations.
• In consultation with key stakeholders within your organisation, author key data privacy related policies and procedures specific to how your business operates. Documents we can provide include a data protection policy, customer privacy notice, data subject request access procedures, template responses to data subject access requests, data deletion procedures, etc.
• Training staff on understanding their responsibilities under the GDPR.

Helping you implement the regulations in a practical way that works for your business

As cyber security and privacy experts, we have extensive experience in identifying and mapping information assets, conducting gap analyses, carrying out annual compliance audits, developing policies and procedures as well as a full GDPR review and remediation strategy along with training for our clients.