Once your organisation has carried out a data audit and gap analysis, you should have a clearer idea of which areas are non-compliant with GDPR and Data Protection Act 2018 requirements. The next step is to prepare and implement a plan to address these issues. This could involve, for example, reviewing and updating policies and outsourcing arrangements and contracts.
We can review and where appropriate redraft any policies you use concerning the collection or processing of data within your organisation such as:
- Privacy notices – These are designed to give individuals a full, clear picture of how and why their information will be processed. The GDPR is prescriptive in what must be included in such statements.
- Terms and conditions – Where you provide goods or services to customers you may use terms and conditions to govern your relationship. It could be a good idea to update your standard terms to ensure they are GDPR compliant.
- Internal privacy polices for staff – It is useful to update these in light of GDPR to ensure they adequately cover any new requirements and/or information security steps adopted by your organisation.
We can conduct reviews and provide redrafts of any contracts you have in place such as:
- Data sharing agreements – These apply if you contract to share data with another organisation either regularly or on an ad hoc basis.
- Processor and supplier agreements – These are used where you engage another organisation to process any data on your behalf, for example payroll services and IT providers.
For more on GDPR requirements please see our What is GDPR? page.
Our Data Protection and Information Security team is well equipped to assist your organisation with addressing any areas of non-compliance with GDPR that require legal input. What this will involve will differ from organisation to organisation and will very much depend on the outcome of any audit and gap analysis.
Our GDPR Compliance service follows seamlessly from our Audit and Gap Analysis service but can also be a standalone service, perhaps if you have already identified what practical steps your organisation intends to take.
Please call us on 01382 229111 for practical advice and support on how Thorntons can assist you with ensuring your organisation complies fully with the GDPR. Or complete our online enquiry form and an expert in our Data Protection and Information Security Team will call you back.