GDPR Business Support

Is GDPR The New PPI?

The General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in the last 20 years. This change has completely reshaped the way organisations need to handle, manage and maintain their data and data processes - affecting every sector from Healthcare to Oil and Gas. This is a space to share best practices, tips, useful tools and GDPR Support Services.

By Design

Evaluating if a software provider meets the requirements & standards you need is difficult and can be time consuming.  A great starting point is to carry out a DPIA (Data Protection Impact Assessment).

In Process

Having a good robust consistent process is equally as important as system design.  Make sure your documentation is clear, regularly reviewed and you have the means to check people are following it.

By Culture

Developing processes should be about more than just ticking the right boxes. It should be an integral part of your company culture with protection values at its core.

Top Tips For

GDPR Management

01. Data Mapping

There are lots of systems out there that claim to manage data mapping and ROPA (Record of Processing Activities). However Data mapping will only be successful in your business if you can align it with your existing business processes. Look at how you document and map your existing business processes. The next steps will be to data map each of these processes. If you don't have a process map of your business processes give us a call we can do this for you.

02. DPIA Impact Assessments

Knowing when you need a DPIA can be difficult, these questions below will help you decide if you need one. DPIA's are all about identifying risks and ensuring processes are put in place to mitigate these risks. We can provide DPIA as a Service if you are introducing something new in your work place.

1) Will/does it involve the collection of information about individuals?

2) Will/does it compel individuals to provide information about themselves?

3) Will/does information about individuals be disclosed to organisations or people who have not previously had routine access to the information?

4) Will/are you using information about individuals for a purpose it is not currently used for, or in a way it is not currently used?

5) Will/does the information about individuals of a kind particularly likely to raise privacy concerns or expectations?

6) Will/does it result in someone making decisions or taking action against individuals in ways which can have a significant impact on them?

7) Will/does it involve making changes to the way personal information is obtained, recorded, transmitted, deleted, or held?

8) Will/does it require someone to contact individuals in ways which they may find intrusive?

9) Will/does it involve you using new technology which might be perceived as being privacy intrusive?

03. Subject Access

Keeping costs down when it comes to Subject Access Requests can be difficult, the ICO has a detailed code of practice for managing Subject access requests. Legal advice will only be required if this process isn't managed effectively, however that doesn't mean this whole process should be managed by a legal firm.

These are the key requirements when managing this process however having the right people to communicate for you will save you time and money.

1) Understanding what information an individual is entitled to

2) Understanding what manifestly unfounded or excessive might look like within your organisation

3) Time limits for responding

4) Exemptions you need to know circumstances where information should not be disclosed

5) Positive approach in communication

04. Risk Registers

Capturing your organisational risks is absolutely crucial if you want to stay one step ahead in data protection. A good starting point would be to review the ICO's Data Protection Self Assessment to highlight some areas that may be at risk such as Starter & Leavers Processes. Click the "Useful Tools" links below for more information. 

Managed GDPR Support Services

What We Can Do To Help

DPIA Support

Care App Solutions Ltd provide external support in completing Data Protection Impact Assessments for your organisation. Get in touch to view our DPIA Questionnaire today.

Redaction Managed Services

We offer an experienced redaction service, we can also review and make recommendations on exemptions that need to be considered when dealing with a subject access request.

Support Per Hour

We know every organisation is different and requires focus on a variety of processes, therefore we offer Support on a Per Hour basis for everything from Data Mapping to creating Risk Registers. Please get in touch to find out more. 

GDPR Audit

We can provide extensive audits to help your organisation with compliance. Please use the contact form below for more information. 

Care App Solutions Ltd SC534162
 Ben Newe, 5 Cairnfield Place
Bucksburn, Aberdeen
AB21 9LT 

Copyright©CareAppSolutionsLtd All Rights Reserved

Give us a call or email
t: 08450 526736
m: 07763 133548