How to prepare for GDPR?
With organisations expected to comply with GDPR from 25 May 2018, it’s essential that you start planning your approach soon. To understand what you need to implement, start by considering the following:
- If you already comply with the UK Data Protection Act 1998 (DPA) this will remain valid under GDPR, so it’s a great starting point. It’s also important to understand any gaps you may have between the two regulations.
- Identify what new processes or procedures you need to implement and start employing data protection by default in your processes
- Designate a representative to manage your data protection compliance and name your organisation’s details and point of contact
- Start keeping records of the data you hold, where it came from, how you use it and who you share it with
- Check your processes and procedures to ensure they cover the individual’s rights and review how you seek, record and manage consent.
How can Lloyd's Register help?
Data Protection Impact Assessments - DPIA
DPIAs can be used to identify and fix potential issues at an early stage and are an effective way to take a ‘data protection by design’ approach. Lloyd’s Register’s risk management specialists have an in-depth knowledge of GDPR requirements and data protection risk methodologies so are ideally placed to help you with your DPIAs.
Data mapping and classification assessment
GDPR requires high risk, data processing organisations, as well as organisations with more than 250 employees, to maintain their data processing activities. It requires you to know what personal data you hold, where it came from and where that data goes. Lloyd’s Register’s data mapping and classification service can help you identify the data flows throughout your organisation.
GDPR Gap Analysis
If you’re at an early stage of preparing for the Regulation, a GDPR gap analysis is a great way to review your critical, high risk or weak areas of your systems and processes. Lloyd's Register can support you with an on-site assessment of your current level of GDPR compliance to help you and your organisation identify what areas to address before the regulation applies in May 2018.
GDPR Readiness Assessment
If you are unsure where to start with your GDPR preparations, Lloyd's Register’s detailed Readiness Assessment will leave you with a clear road-map to compliance. This on-site assessment will review your current practices against the requirements of the GDPR.
GDPR Controls Assessment and Attestation
GDPR requires your organisation to take adequate measures to protect the personal data within your organisation. Lloyd's Register can deliver a GDPR Controls Assessment using a risk-based approach to evaluate the effectiveness of the technical and organisational measures that you have in place to ensure the security of your data processing.
BS 10012:2017 gap and certification
BS 10012 is the new management system for personal information management and has been written to specifically address GDPR. It will help you to implement processes and procedures to manage an individual’s personal data effectively.
ISO 27001 gap and certification
ISO 27001 is the information security management system that can help you to implement information security policies, controls and processes. Gaining certification shows commitment to meeting the requirements of GDPR; demonstrating both compliance and accountability.
ISO 22301 gap and certification
ISO 22301 is the international standard for business continuity management and can help you identify any potential threats that may exist in your organisation, the impact on your organisation should an incident occur and how to guard against them. In this context it provides the perfect mechanism for managing data breaches.