General Data Protection Regulation - (GDPR)

With its blend of information management and programme management experience, CRITICAL P3M is an effective partner in creating and implementing your GDPR compliance roadmap.

What does GDPR mean for your organisation? 

The General Data Protection Regulation will become law on 25 May 2018 and will substantially increase the requirements placed on businesses with regard to managing personal information.

Calling it the “biggest change in data protection law for a generation”, Elizabeth Denham, the UK Information Commissioner, said that GDPR “is about moving away from seeing the law as a box ticking exercise, and instead to work on a framework that can be used to build a culture of privacy that pervades an entire organisation”.

This framework is built with new rights for the data subject, such as the right to erasure, and an overhaul of the basis for processing in the first place. In short, GDPR puts the data subject (your customers, prospects, staff, members…) firmly in control of their personal information.

How can you optimally respond to these new requirements?

As well as the legal implications, GDPR involves a review of your processes, people and technology. We believe that only such a systemic approach (as opposed to an ICT-led or a Legal-led approach) will provide for the “privacy by design” required by the new legislation.

First, the organisation needs to understand what personal data it holds, what the points of entry are, and then what governance and processes are applied to the data. Whilst this may be simple in some cases, the GDPR requirements quickly increase the complexity of the processes, for example by allowing the right to portability, requiring (where needed) informed, granular consent for processing, and managing the situation when consent is withdrawn. You should also carry out a privacy impact assessment in some situations.

In short, GDPR is a mix of interlocked problems.

Our agility and ability to customise our actions will allow us to minimise your costs.

Our approach to an optimal solution:

Whilst technology will help with the processing, there is no silver bullet, and it may require a substantial investment that your organisation may not be able to afford in the short term.
We believe that the approach should be a compliance programme, focused on the outcomes required to meet the legislation’s requirements, and on assessing and mitigating the risks. The programme's roadmap should include discrete but interdependent projects covering the activities leading to compliance.



We will also help you keep a focus on risk management and have a proactive response plan to mitigate those risks.

With its blend of information management and programme management experience, CRITICAL P3M is an effective partner in creating and implementing your GDPR compliance roadmap. Additionally, our agility and ability to customise our actions will allow us to minimise your costs.    