Data Privacy Impact Assessments

Are you ready for GDPR?

Most organisations and businesses are still blissfully unaware of just how much the new European General Data Protection Regulation (GDPR) is going to affect their business processes. They are also unaware of the severity of the fines if they are not compliant.

Businesses need to be aware of five important things: -

  • They will need to identify each and every one of their business processes that involves handling data, establish which are subject to GDPR, and detail how that data will be processed, stored and used
  • They will then have to ensure each process conforms to their data privacy policy, or amend either the process or the policy so that it complies. Failing that, a separate policy may need to be written for that process.
  • They will need to employ, and pay the salary and expenses of, a Data Protection Officer, whose job it is to carry out the Data Protection Impact Assessments and report whether or not you are compliant to the member state's Data Protection Regulator or Privacy Commission. So effectively you pay for someone who is bound by law to report on your company if you are in breach of the law.
  • Each member state can write its own data protection laws, so there will be no set standard across the whole EU. This could mean in theory that each business has to write several policies for one business process.
  • Penalties for non-compliance can run into millions of Euros

What can a Data Privacy Impact Assessment do for you?

A data privacy impact assessment is designed to help you achieve compliance before the new GDPR law takes effect and consists of: -

  1. producing a readiness audit report to establish just how ready your organisation is to meet the requirements of the new law
  2. assisting in understanding exactly what data is being processed and identifying the key processes that require data privacy policies to be put in place
  3. guidance on producing fit-for-purpose policies
  4. assistance in producing an action plan with timescales for implementation of policies
  5. recommendations and advice on best practice in data handling and protection

As far as execution and enforcement of GDPR is concerned, the European Commission has stated that ignorance of the law is not an acceptable excuse and that fines will be levied regardless of status and commensurate with the size and profitability of the company. These enormous financial penalties will be equivalent to 2-4% of global turnover, which in some cases will run into millions of Euros.

You can also download a PDF detailing guidance and advice on preparing for GDPR issued by the Information Commissioner's Office (ICO) 'here'.

For more details about our Data Privacy Impact Assessments please contact The Advisory Bureau by using our enquiry form.