GDPR Compliance Services
f society is currently working with a number of organizations to create a GDPR compliance roadmap. Equally important, we enable organizations to understand the steps they need to take in order to ensure GDPR compliance.
We can help you prepare for the GDPR.
Our GDPR services
We divide the project of preparing an organization to comply with the GDPR requirements into the following phases:
Identification, Data Mapping & Data Flow Analysis
As part of an EU General Data Protection Regulation (GDPR) compliance project, organisations will need to map their data and information flows, in order to assess their privacy risks and to form part of their Article 30 documentation. f society uses its methodology to effectively map your data, understand the information flow, describe it and finally identify its key elements.
f society GDPR Gap Analysis Services assess the extent of your organisation’s compliance with the GDPR (General Data Protection Regulation). As a result, they help identify and prioritise the areas that should be urgently addressed.
Data Privacy Impact Assessment (DPIA)
A Data Protection Impact Assessment (DPIA) is required under the GDPR any time you begin a new project that is likely to involve “a high risk” to other people’s personal information. We can take over the DPIA and include a template to help you execute the assessment by conducting: a systematic description of the envisaged processing operations and the purposes of the processing, including the legitimate interest pursued by the controller; an assessment of the necessity and proportionality of the processing operations in relation to the purposes; and finally an assessment of the risks to the rights and freedoms of data subjects.
Implementation of Action Plans
f society can provide you with a method and answer questions such as: (a) How can we initiate an action plan for compliance? (b) What are the different stages of implementation? (c) What does the accountability principle stand for in practice? (d) How do we conduct a Data Protection Impact Assessment?
f society provides contingency planning for the purposes of your information security. For instance, our solutions deliver a coordinated strategy of various plans, procedures, technical measures and initiatives for ensuring the recovery of information systems, operations, and data after a disruption of services. In addition, we provide consultancy on comprehensive contingency planning.
Audits – Controls
f society’s GDPR audit assesses your organisation’s or your company’s processes, systems, records and activities in order to: safeguard that appropriate and adequate policies and procedures are enforced; detect data breaches or potential cyber violations; assess the adequacy of internal controls; validate that the principles, policies and procedures are monitored and adhered to; and recommend changes in controls, policies, procedures and IT platforms. The scope of our GDPR audit is agreed in consultation with the stakeholders, to identify relevant data protection risks within the organisation. It takes into consideration both generic data protection issues and specific concerns about data protection policies and procedures.
Awareness – Training
f society can help educate you and your workforce, so that you understand whose data you hold, what data you hold, why you hold the data, how long you should retain the data for and where you are holding or storing the data.
Ongoing Management & Follow-up
GDPR is an ongoing and evolutionary compliance journey for every organisation and company. We assist you by providing Data Protection Officer services as well as high-level support to your Information Officer. In addition, we help you maintain the process and tools to capture consent in a structured way to maximise opt-ins, and adopt the technology to maintain up-to-date records of communication preferences. After that, we help you set up the protocols to define, and the people to manage, ‘legitimate interest’.