GDPR is about the law – not box ticking, and certainly not scaremongering – it’s simply designed to improve personal data handling. There are consequences if you don’t comply – but it recognises the need to weigh the costs of implementation and likelihood of risk as it relates to your business.
Because we know you, we can make that judgment affirmatively:
It’s vital to properly gauge the extent to which GDPR actually affects your company – and from there, identify what steps you need to take commercially, operationally and at management level – but steeped heavily in legal analysis and scoping of your contractual relationships with:
We’ll identify your capacity as controller or processor and whether that role is shared with others
We’ll assess the lawfulness of your data processing and how to configure your compliance
We’ll make sure that legally and commercially you are not exposed and that you practice compliance in proper context
What information you need to give to data subjects, what rights do your customers have? Do you use automated processing or profiling?
How will you deal with personal data security breach?
What records do you keep?
Above all, what does GDPR really mean for you?