The principles of the General Data Protection Regulation (GDPR) are enshrined in UK law (as the UK GDPR, alongside the Data Protection Act 2018), and failure to adhere to them can result in significant fines. Yet there is currently no single, prescribed GDPR compliance process or certification scheme. At the moment it is advisable to use the organisational governance requirements of the Payment Card Industry Data Security Standard (PCI DSS) or ISO 27001, which provide a helpful framework for policies, controls and evidence. But it remains the responsibility of the organisation's Data Protection Officer (DPO) or Chief Information Security Officer (CISO) to ensure that the additional GDPR-specific requirements, such as lawful basis, data subject rights, breach notification and data protection impact assessments, are built into those systems.
Few organisations have the in-house resource to manage the full, ongoing requirements of GDPR. The demands of the role are exacting, which makes CISOs with specific GDPR expertise hard to find and expensive to employ. Most resident CISOs therefore benefit significantly from the added support and resource of industry experts with wider GDPR experience.
Many organisations need a higher level of support to fulfil the CISO or DPO role to the standard GDPR requires. Engaging an industry-respected GDPR team helps ensure that all appropriate steps are taken in a timely and cost-effective manner.
I can advise and support on the strategic implementation of GDPR. I have operated in this environment for many years and can support organisations at any level, from strategic level engagement to taking on the full DPO role if required.
What I offer
- A personal point of contact for GDPR queries.
- A pre-audit exercise and gap analysis.
- Remedial action plan and roadmap.
- Strategic board-level engagement (if required) to secure company-wide commitment to GDPR implementation and training.
- A wealth of experience in running exercises and working with policy makers to ensure that the impact on the business is minimised.