Things are going to change both in Guernsey and Jersey on the Data Protection front. The catalyst is the General Data Protection Regulation (GDPR) from the EU. Shortly the islands will find themselves in a measuring up exercise against the GDPR and laws and practice can be expected to change in anticipation. Compliance will become mandatory from May 2018. For an overview of what this means please read What you need to know about impending Data Protection changes.
The penalties for non-compliance are potentially huge (£20m or 4% of revenue) and likely to be vigorously enforced. Your protection is to invest in getting your data protection right.
We help with advisory services relating to the whole journey (discovery, initiating privacy by design and by default, etc) and help provide some of the important roles that will become a part of your data protection regime. Our services include:
- Help performing risk assessments
- Provision of outsourced Data Protection Officer capabilities
- DPIA’s when required (e.g. on mergers and acquisitions, new service lines)
- Help enshrining the Principles into your systems, contracts and processes
- Mapping of personal data and the right tools for discovery
- Design of breach management and response protocols
- Help with code of conducts or certifications when planning to use adherence to these to demonstrate GDPR compliance
We shortly hope to be able to help with Cyber Essentials certifications also and are in discussions with partners about the provision of nominated .