Our Brexit readiness assessment covers the three key actions, and around 150 smaller supporting tasks, required to keep your data flowing after Brexit. We will help you make sure you have completed all the work you need to do to comply with the law and protect your processes.
Our assessment is based on our GDPR Gap Analysis and covers the same 9 areas:
Governance
The extent to which data protection accountability, responsibility, policies and procedures, performance measurement controls, and reporting mechanisms to monitor compliance are in place and operating throughout your organisation.
Risk management
Your organisation’s arrangements for privacy risk management, the extent to which information-specific risks are incorporated into corporate risk management, and the extent to which risks to the rights and freedoms of data subjects are addressed.
Privacy by design
The extent to which data protection by design has been incorporated into the development of your systems, services, products and/or processes.
DPO (data protection officer)
Whether your organisation is required to appoint a DPO, whether one has been appointed and, if so, whether they meet the Regulation’s requirements.
Roles and responsibilities
The extent to which your organisation has defined and established appropriate roles and responsibilities, and delivered appropriate training and awareness.
Rights of data subjects
The processes your organisation has implemented to facilitate and respond to data subjects exercising their rights under the GDPR/DPA 2018.
PIMS (personal information management system)
The extent to which data protection accountability, responsibility, policies and procedures, performance measurement controls, and reporting mechanisms to monitor compliance are in place and operating throughout your organisation.
ISMS (information security management system)
Your organisation’s arrangements for privacy risk management, the extent to which information-specific risks are incorporated into corporate risk management, and the extent to which risks to the rights and freedoms of data subjects are addressed.
Scope of compliance
Whether your organisation has clearly defined the scope of its GDPR compliance, taking account of all data processing in which it has a part, whether as data controller or processor, as well as any data sharing