NCC Group is skilled at operationalising the GDPR, balancing sufficient and perfect privacy to make it work for your business.
The General Data Protection Regulation (GDPR) replaces the 1995 EU directive (Directive 95/46/EC) and was introduced in May 2016, with full enforcement due in May 2018.
To meet the needs of this changing landscape we provide a range of GDPR services across the privacy lifecycle.
Our privacy services cover all elements of the lifecycle
GDPR awareness – workshops of variable length covering the key changes coming with GDPR. Delivered to all key stakeholders across the business, including marketing, IT, HR, finance, security, operations, etc.
GDPR training – one-day foundation level course which focuses on helping you and your organisation better prepare for GDPR and demonstrate compliance. As well as our public courses we can provide an in-house course for your organisation.
Data mapping – identifies the personal data that is collected, created, received, processed, stored and shared by an organisation. Provides a view of how that personal data moves around the various internal/external processes/applications/systems.
GDPR health check – assesses an organisation against the requirements of GDPR through a combination of document review, workshops and interviews with key stakeholders. Output provides detailed findings and actionable recommendations.
Strategy & remediation – tailored support to privacy programmes, including providing external, independent representation on privacy steering groups. We offer a GDPR policy and procedure set that we can tailor for clients.
Data Protection as a Service – GDPR allows for the outsourcing of data protection, including the Data Protection Officer. We can provide services such as Privacy Risk Screening, Data Protection Impact Assessments, GDPR remediation and M&A-related activities.
One-day foundation course
The course will provide you with an overview of the new legislation and the practical steps your organisation must take to demonstrate compliance.
By attending the course, you will learn:
- An overview of the data protection landscape
- The key differences between GDPR & the UK Data Protection Act
- The six GDPR privacy principles
- The rights of data subjects
- Who needs to be involved in your roadmap to compliance
- The conditions for fines being imposed & the articles which trigger fines
- How to keep data secure & demonstrate governance
GDPR Compliance audit for cloud
Cloud service providers that process personal data will face significant scrutiny during this coming year, given that their customers are potentially liable for any breach of the regulation.
Not only do you need to be fully aware of the cloud services being used within your organisation, but you also need to understand the services your employees are using.
Personal data is often found in emails and unstructured content such as documents that are stored in cloud services and not monitored by IT departments.
Ahead of GDPR coming into force in 2018, companies must implement measures to give them visibility of these cloud services and bring them under their control, to ensure compliance.