A Baseline Understanding of Your GDPR Compliance
Completing the assessment will provide you with a complete understanding of your organisation’s compliance status for GDPR and all other relevant legislation.
Bridewell’s team will provide step-by-step guidance on any necessary improvements to achieve GDPR compliance (and alignment with other relevant frameworks).
Key Challenges Addressed
For organisations without a baseline understanding of where they are with compliance legislation, it is difficult to identify areas of non-compliance and take appropriate remediative action.
Typically, a shortage of in-house expertise or a lack of resource can prevent them from performing an in-depth gap assessment or audit. Given that such an assessment is the first step of maturing any data privacy programme and ensuring compliance with relevant legislation, this is a significant obstacle.
Beyond completing an assessment, understanding how to implement any necessary remediations also requires significant data privacy expertise and capabilities.
How It Works
Undergoing a GDPR Gap Analysis with Bridewell will provide an organisation with a comprehensive assessment of their data privacy maturity and a clear, step-by-step roadmap of future actions necessary to improve their data privacy maturity. Not only will this allow them to meet all data privacy obligations, it can fundamentally mature their overall data privacy programme.
During the assessment, Bridewell will:
- Evaluate your existing processes to develop a complete understanding of your business operations.
- Review the data you collect, access, and store and the legal basis for processing activities.
- Analyse data flows throughout their lifecycle and contrast these against the legal requirements of the GDPR and other data protection legislation relevant to your organisation.
- Assess your data privacy operations to ensure that each requirement is in accordance with the law and that technical and organisational measures align with the 6th Principle of the GDPR (integrity and confidentiality).
Bridewell have developed a framework which is used to evaluate and assess an organisation’s current standing with respect to data protection compliance. The framework is split across 10 domains to structure the consultant’s findings and recommendations in a final report format. The domains, with controls aligned to the requirements of applicable data protection legislation, NIST Privacy Risk Assessment Methodology and ISO27701:2019, are as follows:
- Organisational Context
- Governance, Risk and Compliance
- Data Flow Analysis
- Data Subject Rights
- Contracts & Due Diligence
- Privacy by Design & Default
- Breach Management
- Assurance Activity
- Information Security
- Awareness & Culture
Yes - Bridewell conducts a holistic assessment of the organisation, looking at all areas of the business and how the privacy framework applies across your entire infrastructure. This can even include international transfers of data if your organisation operates in more than one country.