The General Data Protection Regulation (GDPR) marks a significant development in the field of EU data protection law by addressing the challenges resulting from today’s new technological developments and establishing a single European data protection legal framework.
The GDPR replaces the existing Data Protection Act 1998 and will be enforced from 25 May 2018. It applies to the processing of personal data carried out by organisations operating within the EU and by organisations outside the EU that offer goods or services to individuals in the EU.
Many UK and European businesses are unprepared for the GDPR and unfamiliar with its content, and have only a short time to ensure that they are compliant.
BearingPoint is committed to helping businesses comply with this new regulation ahead of the May 2018 deadline and beyond. We have developed a holistic GDPR readiness solution characterised by a customer-centric approach. This solution is divided into 3 phases, complemented by an awareness and training programme which will help you embed privacy into your organisation.
We believe that, whilst GDPR introduces new data protection requirements which businesses will be required to comply with by implementing several organisation-wide changes, it also provides them with a unique opportunity to strengthen their relationship with their customers and build a data-aware business.
Our GDPR readiness solution will be executed in collaboration with our legal partner. The amount of time required to complete each of these phases will principally depend on the size of your business, your data protection maturity and the amount of personal data that you collect and process.
Our GDPR readiness solution
Phase 1. Quick scan assessment
We will conduct a GDPR compliance assessment and a personal data inventory, and review your customer experience, to provide you with a clear picture of your current compliance with GDPR, what personal data you hold and what your current customer experience is.
Phase 2. Deep dive analysis and recommendations
We will conduct a detailed review of your existing privacy notices, contracts, data protection and IT/security processes and create personal data flow maps to identify and help you prioritise a set of actions to remediate any potential gaps and risks.
Phase 3. Compliance and customer experience programme
We will design and run a compliance and customer experience programme to help you implement the changes required to remediate the gaps and risks identified during phase 2. This will involve setting up and managing several work streams such as Governance & Monitoring, Contracts, Processes or Customers Journey & Experience.
Awareness and training programme
We will design and run a privacy awareness and communication programme to promote compliance and privacy within your business. This will include activities such as organising privacy awareness events or setting up a privacy network and nominating privacy champions.
We will also develop and run a privacy training programme which will help mitigate your operational risks and demonstrate your commitment to data protection. This will include activities such as developing a GDPR quick reference guide or developing and delivering general privacy awareness training.