Many organisations will be undoubtedly nervous and put off about the regulation and the impact it will have on the business. This will be coupled with some scare mongering your organisation will be responsible for ensuring compliance with the new regulation in terms of handling and protecting personal data. The regulation itself is now much more involved than the act it replaces and it could lead to substantial penalties for non-compliance.
Organisations will become liable for any damage resulting from data breaches. Whilst for many this could be a large change programme, for many more, particularly small to mid-size businesses, it could be a new set of activities which need to be understood, managed and complied with
Purple provides expertise in GDPR and has developed a GDPR readiness assessment supported by a portfolio of services to help organisations ensure they are compliant through practical but effective responses to the key tenets of the new regulation. Purple’s position on GDPR is that every organisation should embrace this as a positive move, rather than looking at the investment required to be compliant, use this as a good PR exercise to demonstrate to your customers and staff that you take their data privacy seriously.
How Purple can help:
* Data Readiness Assessment
To meet the regulation, a detailed analysis will be undertaken within the organisation to assess the maturity of data within people, process, policy and technology. Following the assessment, a score and report will be provided along with a transformation map on required remedial works for compliance.
* Remedial Works
Following the initial assessment, Purple can support clients in producing policy documentation, process definition, technology gaps and training requirements to begin imbedding a privacy by design culture into the organisation.
* Policy & Contract
Defining and agreeing policies and contract amendments plays a critical part in showing compliance with the regulation. Purple can support your organisation in developing these to demonstrate data maturity within the organisation as well the third parties you deal with.
* Third party data due diligence
How data is sourced and used between third parties’ changes fundamentally. Carrying out sufficient due diligence on how data is acquired and managed is critical in order to avoid any technical breach. Purple can support your organisation in carrying out the right level of assessment in order to hold your organisation harmless from any incident.
Purple offers a range of services from GDPR Readiness Assessments, to DPO as a service, to Benchmarking.
Case study – GDPR
Purple partner with the Copyright Licensing Agency (CLA) to assist them on their journey to GDPR compliance.