GDPR Implementation
The Client Problem
Our client supplies tailored corporate workwear to over 4 million people in the UK and the USA.
With BREXIT taking place at the end of 2020, the client needed to ensure continued GDPR compliance for all of its business operations.
What the client needed
A GDPR workstream was very quickly established to:
- consider the current state of all GDPR relevant policies, documents and processes
- identify any gaps or non-compliance and
- support their mitigation and embedding of any new policies into the business.
You need support in identifying the current state of the GDPR policies, documentation and processes, and in prioritising the mitigation of gaps or where updates are required prior to the end of the transition period.
PiC will provide a highly experienced, hands-on GDPR workstream lead with a successful track record in shaping and delivering GDPR compliant assurance and the development of mitigations to close any gaps.
The outcome from our work will provide:
- A current state assessment of GDPR-relevant policies, procedures and documents
- A prioritisation plan of activities required for the end of the BREXIT transition period (31st December 2020)
- Amended documentation and policies.
What we did
The scope of work would include the following activities that are required to ensure Mi-hub GDPR compliance with the end of the BREXIT transition period:
- Review existing client GDPR operationalised processes and documentation, and perform gap analysis against current BREXIT GDPR expectations. This will include:
  - DSARs process
  - Privacy & data collection notices
  - Data Protection Agreements (inbound/outbound). 2nd level sub processor agreements – understand any monitoring processes
  - Controller, joint-controller, processor statuses
  - Employee, vendor & customer personal information notices/disclosures.
- Make recommendations to build the “defensible position” narrative for regulator, customer and vendor inquiries. Includes EU representation requirements & options
- Assist Mi-hub to prioritise into a 2020 and 2021 execution plan
- Assist to make changes where needed, using client resources where necessary
- Support interview/selection of EU Representative(s).
Key Deliveries
The outcome from our work will be to provide Mi-hub with BREXIT-ready GDPR-compliance. From the gap analysis completed the work may also recommend prioritisation areas where Mi-hub should focus, post 31st December 2020, to meet or ensure ongoing compliance with GDPR or data protection regulations and good practice. These outcomes will be delivered through the development of:
- Current state Assessment report, Gap Analysis & Recommendations report
- Prioritised list of tasks and rationale for each prioritisation. Re-evaluation of next stage scoping & effort.
- Amended documentation
- Support selection of EU representative (as required)
Our outcomes will:
- Aim always to deliver the agreed outcomes and be built on an appropriate method to support realisation of those outcomes;
- Be open and honest, making clear any concerns or challenges regarding direction, or to progress against plan, promptly, and be diligent regarding appropriate quality and confidentiality;
- Help develop your internal capability; and
- Be delivered with a ‘one team’ ethos.