12-Month Compliance Plan
The GDPR came into force on 25th May 2018, and in Guernsey the Transitional Period expires in May 2019. Running to 88 pages, with 173 recitals and 99 articles, the GDPR is a comprehensive law which transformed the way organisations approach the management of personal data. Meeting the requirements of the new law can appear to be a daunting task, but BDO can help with our 12-month compliance plan.
Responsible Data Management
BDO have a structured, best practice approach to helping companies define the necessary frameworks, policies and procedures to ensure compliance, as well as facilitate those essential changes to instil a culture of "responsible data management".
Taking a Data Protection Impact Assessment (DPIA) as the starting point, the 12-month plan is then tailored to fit each organisation precisely, based on its needs, its existing data protection regime, the resources available and the risks it is exposed to.
The GDPR defines 6 high-level principles for the treatment of personal data and 8 specific rights for individuals.
BDO have defined a series of best practice procedures that embody these principles and rights to help organisations achieve compliance in the most effective way possible. Our 12-month plan is built around the careful and structured application of BDO best practice.
Complying with GDPR will require organisational change, from the definition & revision of policies, through the creation of new key roles to end-user training. The successful and sustained delivery of each element is vital to achieving that culture of ‘responsible data management’. The 12-month plan draws on BDO’s extensive experience of change management to ensure the necessary changes are delivered on time, in the correct sequence, with the appropriate level of communication and training and, most importantly, are successfully embedded within the organisation.