GDPR Implementation

The Client Problem

Our client supplies tailored corporate workwear, to over 4 million people in the UK and the USA.

With BREXIT taking place at the end of 2020, the client needed to ensure continued GDPR compliance for all of its business operations.

What the client needed

A GDPR workstream was very quickly established to:

  • consider the current state of all GDPR relevant policies, documents and processes
  • identify any gaps or non-compliance and
  • support their mitigation and embedding of any new policies into the business.

The support you need in identifying the current state of the GDPR policies, documentation and processes and prioritising the mitigation of gaps or where updated are required prior to the end of the transition period.

PiC will provide a highly experienced, hands-on GDPR workstream lead with a successful track record in shaping and delivering GDPR compliant assurance and the development of mitigations to close any gaps.

The outcome from our work will provide:

A current state assessment of GDPR- relevant policies, procedures and documents

A prioritisation plan of activities required for the end of the BREXIT transition period ( 31st December 2020)

Amended documentation and policies.

What we did

The scope of work would include the following activities that are required to ensure Mi-hub GDPR compliance with the end of the BREXIT transition period:

Review existing client GDPR operationalised processes, documentation and perform gap analysis and against current BREXIT GDPR expectations. This will include:

DSAR’s process

Privacy & data collection notices

Data Protection Agreements (inbound/outbound). 2nd level sub processor agreements – understand any monitoring processes

Controller, joint-controller, processor statuses

Employee, vendor & customer personal information notices/disclosures.

Make recommendations to build the “defensible position” narrative for regulator, customer and vendor inquiries. Includes EU representation requirements & options

Assist Mi-hub to prioritise into a 2020 and 2021 execution plan

Assist to make changes where needed, using client resources where necessary

Support interview/selection of EU Representative(s).

Key Deliveries

The outcome from our work will be to provide Mi-hub with BREXIT-ready GDPR-compliance. From the gap analysis completed the work may also recommend prioritisation areas where Mi-hub should focus, post 31st December 2020, to meet or ensure ongoing compliance with GDPR or data protection regulations and good practice. These outcomes will be delivered through the development of:

Current state Assessment report, Gap Analysis & Recommendations report

Prioritised list of tasks and rationale for each prioritisation.  Re-evaluation of next stage scoping & effort.

Amended documentation

Support selection of EU representative (as required)

Our outcomes will:​

Aim always to deliver the agreed outcomes and be built on appropriate method to support realisation of those outcomes;

Be open and honest, making clear any concerns or challenges regarding direction, or to progress against plan, promptly and be diligent regarding appropriate quality and confidential; help develop your internal capability; and be delivered with a ‘one team’ ethos.​



MORE CASE STUDIES

WE WOULD LOVE TO HEAR FROM YOU

GET IN TOUCH

    The information you submit will exclusively be used to answer your enquiry. Find out exactly how we store and use your personal data in our privacy policy.
    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.