GDPR Services

GDPR Solutions

The General Data Protection Regulation (GDPR) becomes enforceable on 25 May 2018 and affects all organisations that handle personal data of EU residents. In order to avoid being fined 4% of your annual turnover, make sure you are compliant before 25 May – we are here to help!

If you need assistance to ensure your organisation’s data flows have been properly assessed, to carry out a gap analysis or for the production of your policies, do not hesitate to contact us via the button below.



Laven will produce an informative memorandum to help you understand how GDPR will affect your Firm. The memo can be used for internal guidance, to inform your Firm’s board or to educate staff. Laven’s memo will be customised to suit your Firm and provide guidance on next steps, action points and implementation.

GDPR Impact Assessment

Laven can review the results of any work the Firm may have already done in relation to scoping for GDPR impact, or carry out an overall assessment of your Firm by reviewing office locations, focusing on each department and the processes it carries out. This will include an analysis of the type of data managed and processed. We will also consider how departments may share information across different jurisdictions, thereby focusing on those more likely to come in scope of the GDPR. This impact assessment is a key part of the GDPR rules and required by the supervisory authorities. We also use a detailed form, which contains definitions and is fully functional to provide an end review report based on a gap analysis (see below) with the rules and principles of the GDPR. It is available for purchase here.

GDPR Data Flow Analysis & Gap Analysis

The GDPR Data Flow Analysis is tailored to the Firm’s circumstance following the initial scoping of the impact assessment. The analysis reviews the ways the Firm currently processes and manages data to construct a report to analyze each process and client data collection point, the corresponding processes, where these need to be adapted for GDPR, and advise on action points of how to update and/or create policies in order to be compliant with the GDPR. Laven can also carry out a Gap Analysis to identify where updates are required for your Firm to be compliant with the GDPR. We will, for larger clients, be visiting you onsite to assess your current processes and management of data. We collate that information into a report and offer guidance as to how best to implement relevant changes to ensure compliance. The gap analysis tool is also available for independent use and can be purchased here.

Adaptation of Policies & Procedures

Laven will adapt existing policies and procedures to align them with the GDPR. This will involve conversations with team members from relevant departments to ensure they are aligned with the Firm’s processes. These policies can be stored and any changes audit trailed within Laven’s Digital Compliance Assistant (DCA) software. This will ensure that monitoring is efficient once the GDPR is implemented. Draft templated policies which you can work on independently are also available online here.

Ongoing Monitoring for GDPR

Laven have created a GDPR monitoring plan it to ensure that the core steps detailed in your policies and procedures are carried out. This, along with the online training, is the best line of defence in terms of protecting your firm in case of being looked into by ICO. It is also part of the regulations to document compliance and the ongoing element is focused on this, helping you remember and save time as well as get it right. This will ensure that monitoring is efficient once the GDPR is implemented.

Online Training

Laven offers GDPR online training tutorials to ensure that your Firm’s staff are familiar with the scope and responsibilities of the GDPR. Laven also offers an extensive library of online training modules across a range of regulatory and compliance matters including AML and MAR. We highly recommend our online training as the training of staff will be an important line of defense should the regulator ever have the need to effect any review of your compliance.


Latest from the Newsroom

ComplianceDue DiligenceFeatured

Front Office Intelligence – A New Digital Imperative

Speaking with senior management at large buy- and sell-side firms makes it clear that the (more...)


GDPR in full force days after deadline

The GDPR is, at the time of writing, exactly 6 days old and some of (more...)



THE BROKER DEALER QUESTION Micah A. Taylor for Institute of Compliance Accessing US Capital private (more...)