GDPR looms - what needs to be done?
As the GDPR clock ticks closer to the deadline hour, there's still a lot of work for most businesses to do to ensure GDPR compliance, readiness and overall comfort. There's a whole industry springing up in 'how to' seminars, but for those companies that have started down their path to GDPR, it's not about the basics - it's about getting everything over the line.
Increasingly we are seeing that the challenge isn’t the understanding of how to make data compliant, but the processes that will support this, both in terms of GDPR-readiness, and in terms of ongoing workflows that will future proof your business.
Could a consultant help?
Talmix consultants are independent with extensive experience gained in business and in world-leading strategy consultancies. For cross-organisation mandates like GDPR they can
• provide the objective insight to identify areas needing specific attention. This is particularly the case when data policies have been in place for a long time and the business is unsure of how compliant they are
• communicate the importance of compliance to every employee. One of the main issues with GDPR implementation has been that it has focused on the teams managing the data, rather than on all employee’s use of data
• create the frameworks, using their operational skills, to make sure that all 12 steps of the recommended approach can be followed and develop the workflows that deal with the critical aspect that GDPR is an ongoing process
• act as DPO in businesses which legally require this. Very few organisations will have the full set of skills in-house ready to take on this role. The hiring process is now time critical, and more importantly, very competitive. Using an independent consultant to bridge the gap and develop in-house colleagues to take on the role long-term, becomes a very expedient option for businesses yet to make this hire
Use Talmix consultants to address these more operational aspects of the 12 recommended steps to becoming GDPR ready:
Procedure audit. Talmix consultants have a high degree of expertise in developing operational processes. Your business needs to create a robust framework that ensures all the rights of the individual, including right to review, rectify and erase are covered involves more than just your data teams. and the expertise of an independent consultant can audit your current process and plan for your future options.
Workflow for subject access requests within the new timescales. This part of the plan is often overlooked: it has to be documented by the time GDPR launches. As a result, your workflow showing how any request is filtered and directed needs to be ready. A consultant can help understand the different sources, the different outcomes, and document the process and its interaction with all your systems which handle personal data.
Seeking and recording consent: building the bullet proof process. The issue of consent is the area where most ambiguity currently lies. A consultant can review all your processes and policies to make sure that data is obtained with the correct consent, and that ensuing processes will follow appropriately.
Handling data breaches: most data breaches are not the scary cyber attacks beloved of headline writers but result from careless handling by an individual. Every download of personal data becomes a potential risk, so making employees aware of their responsibilities, through to documenting the crisis management if the worse case scenario happens, becomes a complex workflow of identify to manage. Consultants can help with both the process and the communication to teams.
Talmix consultants can assist across your GDPR implementation. May is just around the corner, so bringing in resources to solve these issues and make your company more data aware, makes your business ready to work within the new regulation. Independent consultants from Talmix deliver a rapid return on investment and with the financial consequences of not being compliant, the value of this instant expertise is even greater to your business. You can engage a consultant from one day upwards - all you have to do is tell us your particular GDPR challenge now.
About the AuthorMore Content by Dorothy Mead