The General Data Protection Regulation (GDPR) became enforceable on 25 May 2018 and affects all organisations that handle personal data of EU residents. In order to avoid being fined 4% of your annual turnover, it is important to ensure you are compliant – we are here to help!
Laven will produce an informative memorandum to help you understand how the GDPR will affect your Firm. The memo can be used for internal guidance, to inform your Firm’s board or to educate staff. Laven’s memo will be customised to suit your Firm and provide guidance on next steps, action points and implementation. Alternatively, our generic memo, which you can work on independently, can be purchased via the link below.
Laven can review the results of any work already done in relation to scoping for GDPR impact, or carry out an overall assessment of your Firm, including an analysis of the type of data managed and processed as well as how information is across jurisdictions. This impact assessment is a key part of the GDPR and required by the supervisory authorities. We use a fully functional form to provide an end review report based on a gap analysis (see below) against the rules and principles of the GDPR.
The GDPR Data Flow Analysis is tailored to the Firm’s circumstances following the impact assessment. The analysis reviews how the Firm currently processes and manages data, examining each process and client data collection point and the corresponding processes, identifies where these need to be adapted for the GDPR, and advises on action points for updating and/or creating policies in order to comply with the GDPR.
We can also carry out a Gap Analysis to identify where updates are required for your Firm to be compliant with the GDPR. We will visit larger clients onsite to assess processes and management of data. We collate that information into a report and offer guidance on how best to implement relevant changes to ensure compliance.
Laven can adapt existing policies & procedures to align them with the GDPR. This will involve conversations with team members from relevant departments to ensure they are aligned with the Firm’s processes. These policies can be stored and any changes audit trailed within Laven’s DCA software. This will ensure that monitoring is efficient once the GDPR is implemented. Draft templated policies, which you can work on independently, are also available via the link below.
We have created a GDPR monitoring plan to ensure that the core steps detailed in your policies and procedures are carried out. This, along with the online training, is the best line of defence for protecting your Firm should it be looked into by the ICO. The regulations also require compliance to be documented, and the ongoing element is focused on this, helping you to remember, save time and get it right. This will ensure that monitoring is efficient once the GDPR is implemented.
We offer GDPR online training tutorials to ensure that your Firm’s staff is familiar with the scope and responsibilities of the GDPR. We also offer an extensive library of online training modules across a range of regulatory and compliance matters including AML and MAR. We highly recommend our online training, as the training of staff will be an important line of defence should the regulator ever need to review your compliance.
We offer EU representative services to non-EU firms, enabling proactive GDPR compliance with little to no interruption. EuroRep will be your Representative in all European member states, and the point of contact for customers and authorities in the EU regarding privacy. We have a long history of data privacy expertise and work openly with specialised consultants to ensure our clients' peace of mind.