The starting point for most GDPR / data protection work that I do with businesses is a benchmarking / gap analysis audit based on standards and guidelines for SMEs set by the Data Protection Commission. This is usually a three to five day process, outlined in some detail here, but it can vary depending on the complexity of your business.

I do some initial information gathering and document analysis, which involves contracts and policies. Initial meetings and surveys are held with your compliance team and the senior employees responsible for HR, finances, data processing activities and third party vendors. Where you offer services, apps or online platforms, I investigate activities, data flows and data stores together with you.

Throughout the analysis, I examine where you might act as a data controller or as a data processor and identify the controls you have in place that relate to organisational and technical security measures. Where I identify joint controller relationships that may exist, I recommend actions to negotiate the correct agreements. I analyse whether you are required to appoint a Data Protection Officer or to perform Data Protection Impact and Legitimate Interest Assessments, and I advise on recommended Records of Processing Activity (Article 30 Records). I advise on your procedures and policies for honouring data subject rights and on how you manage incidents and data breaches.

I prepare a final report for you that highlights gaps ranked by risk and present it in a session that can include training for your compliance team. As an addition to this service, you can book a return visit for me to examine remediation and implementation of suggestions and amend your report.
DATA PROTECTION BENCHMARKING