General Data Protection Regulation
The General Data Protection Regulation (GDPR) became enforceable on 25 May 2018 and affects all organisations that handle personal data of EU residents. In order to avoid being fined 4% of your annual turnover, it is important to ensure you are compliant – we are here to help!
Laven will assist your Firm in the analysis of the type of data it manages and processes as well as how information is transferred across jurisdictions. The analysis is a key requirement of the GDPR under article 35, which requires organisations to assess all of their data processing activities and their impact on the protection of personal data. Our analysis reviews the ways your Firm currently processes and manages data and breaks down each process and client data collection point, the corresponding workflow, and where these need to be adapted for GDPR. Our review includes reading your policies or related procedures as well as staff and departmental interviews. We then advise on action points, and how to update and/or create policies in order to comply with the GDPR. You can also purchase a template Excel-based assessment report to carry out your own assessment.
Laven offers a full remediation plan which covers GDPR-compliant policies and procedures that are bespoke to your Firm. This will continue to involve team members from relevant departments, focused on the data protection officer, compliance officer or chief information officer, to ensure that all of your Firm’s processes are captured within the policy documents. Your policies can be stored, and any changes audit trailed, within Laven’s compliance software if desired. Draft templated notices, which you can work on independently, are also available via the button below.
Our policies include, where required, your Firm’s draft notice which is a document required by article 13 and article 14 of the GDPR, which provides individuals with clear and transparent information on how your Firm processes their personal data. Laven will create bespoke privacy notices to address your client base and employees which will highlight your compliance with the requirements of the GDPR principles of lawfulness, fairness and transparency. Draft templated notices, which you can work on independently, are also available via the button below.
Once you have all the appropriate documentation in place the GDPR also requires firms to demonstrate compliance and accountability through record keeping. Laven’s GDPR compliance software is designed to streamline the process of monitoring and record keeping in line with the regulation to ensure time frames and the principles are met. It includes fully searchable registers to ensure that monitoring is efficient. Draft templated policies, which you can work on independently, are also available via the link below.
Your Firm must ensure that the personnel working with personal data are trained appropriately in this area. The Privacy by Design principle expressed in article 25 of the GDPR requires the Firm to implement appropriate technical and organisational measures to ensure security for any Personal Data. Training is a key part of that. Further, the GDPR aims to change the culture around the handling of Personal Data within organisations and that is impossible without effective training.
Laven offers other regulatory online training courses.
The role of DPO may be conducted by an existing employee of your organisation alongside his/her existing duties. Laven can help you specify the role and responsibilities of a DPO, including one-on-one coaching for any incoming or existing DPO to ensure that they understand the extent of their responsibilities. Moreover, the same training may be offered to organisations which appoint a person responsible for data protection, without appointing a DPO.
We offer EU representative (EuroRep) services to non-EU firms, enabling proactive GDPR compliance with little to no interruption. EuroRep will be your Representative in all European member states, and the point of contact for customers and authorities in the EU regarding privacy. If you are an EU-based company and hold data on UK citizens, the Information Commissioner's Office (ICO) will require you to have a UK Data Representative. We have a long history of data privacy expertise and work openly with specialised consultants to ensure our clients' peace of mind.