The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 and replaces most of the provisions of the UK’s Data Protection Act 1998 (DPA) and other local data protection laws and directives across the European Union. It will introduce new procedures and tougher rules on how personal information must be handled and protected.

GDPR is clear and concise, but non-compliance carries more substantial financial penalties and more significant reputational harm than ever before.

XpertLync offers support and delivers advisory services to assist with your organisation’s readiness and continued compliance for GDPR.

Working with decision makers and key management to assist in implementing GDPR measures, we will help audit your organisation’s readiness and resiliency by testing systems, processes and infrastructure for security soundness.

    Pre-Audit and Post-Audit
  • Conduct information audits across the organization to review, identify and assess the data being held
  • Conduct specific Data Flow assessments providing Gap Analysis to identify control weakness, strengths and areas for development
  • Work with the organization to design and implement appropriate technical and internal measures to ensure Data Protection is designed into all processes
  • Work with the organization to design a Data Privacy Impact Analysis framework linking to pre-existing risk management and project management processes
  • Review the processing of data, identify and document the lawful basis for the processing activities, including clear and concise Consent mechanisms
  • Review the GDPR risks on the organization’s Risk Register and create the critical list of control weaknesses versus actions required by the GDPR legislation
  • Complete a review and/or develop a framework of the policies and procedures needed to ensure GDPR compliance, and provide a plan for Data Protection or Privacy by Design documentation
  • Monitor compliance with data protection policies, regularly review the effectiveness of handling/processing personal data, and update security controls
  • Develop and provide a clear Road Map needed for regular review of security access and controls to ensure privacy and security of personal data, resulting in a documented Data Protection Impact Assessment framework
  • Help the organization develop a staff training and awareness program