Experts at analysing GDPR risk for businesses and advising on mitigation and process/policy implementation
At Peregrine, we have invested in developing real expertise on data protection and privacy particularly in light of the GDPR. On 25 May 2018, the General Data Protection Regulation will become effective in all European Union member states and will apply to all organisations operating in the EU (including non-EU businesses who provide goods or services to individuals in the EU). The expectation of the GDPR is that organisations will be fully compliant on that date. There will be no grace period.
There has been a lot of noise around GDPR particularly focusing on the new compliance burden and the penalties for data breaches. A lot of the coverage has been helpful for businesses but there’s also been scaremongering leading to the relevant UK regulator, the ICO (Information Commissioner’s Office) releasing a statement branding the GDPR as an evolution in data protection, rather than a revolution. This implies that if an organisation is compliant with the Data Protection Act 1998 (DPA) it will be largely compliant with the GDPR.
Complacency is not really an option however for any of us running companies and no one should underestimate the amount of work that may be required before 25 May and beyond. We are now working with our clients to identify what needs to be done within their businesses and how best to do it.
Our recommended GDPR strategy for clients starts with a simple 3 step process:
- Audit/Gap analysis – Peregrine prepares a questionnaire (tailored and relevant to your business in Europe) the answers to which will give us, for example, detailed information on what data you hold, how you hold it, how you process it, who you share it with (including internally across borders).
- Recommendations – Peregrine produces a report giving a series of practical recommendations for the client to ensure they are GDPR ready and compliant come 25 May 2018.
- Implementation – you, with our support if you want it, then decide how, when and who best to implement the recommendations and lead any requisite changes to policies and procedures.
Please contact our GDPR team leader Andrew Elishahoff or any of your usual Peregrine contacts if you’d like to discuss GDPR or any other operational risk management issue.