Many organisations that will require a DPO will not be able to attract or justify paying for an individual that meets the capability and seniority requirements. We can provide a DPO service to overcome these issues
Satisfying subject access requests can require a very significant amount of time and effort. Gathering the data, filtering out the irrelevant records, making decisions on what is necessary to include and redacting information appropriately can turn one SAR into a project in its own right.
Where there is a high risk to the privacy of the individual from a changed business model or use of data, it will be necessary to complete a DPIA / PIA. We are leaders in Ireland and Europe in providing these services.
A data protection audit provides you with assurance of your compliance efforts to date, taking into account GDPR and national laws
Generally, organisations are taking a risk based approach to GDPR. As such they may not be fully compliant with all aspects of GDPR from May 2018. Becoming compliant will continue to be a requirement for organisations. Guidance from the European Data Protection Board, will refine our understanding of what is compliant and drive operational changes.
Responding to regulation and case law
We do not yet know how the regulation will be applied and interpreted by either regulators or the courts across Europe. Based on the application of the law it will be necessary to update policies and procedures of organisations.
Achieving accountability, risk assessments & compliance reviews
Assessing and testing compliance is an ongoing requirement of the GDPR and especially relevant as the regulatory interpretation unfolds
In the event that the worst does occur, stopping the breach, identifying the impacted data subjects, assessing the impact and required response is critical.
Most organisations have chosen to minimise the technology investment that they will make for the May 2018 deadline. In the medium term, technology enablement will be required to reduce the cost of compliance. We support organisations in identifying, procuring and implementing these technology solutions.
Privacy and GDPR training
Training staff is critical to compliance. We have a suite of training material focused for specific audiences and updated to reflect how the GDPR is being interpreted across Europe. Our experienced consultants will support the delivery of the training or customisation for delivery through a learning management system.
Developing internal control models for privacy
May 25th 2018 is day 1 for GDPR compliance. Ensuring ongoing compliance will demand an appropriate and effective control model. Mazars can support the delivery of the necessary model.
The GDPR encourages the development of certification standards that will allow organisation to clearly demonstrate to stakeholders that they are compliant with the regulation. Mazars are working with compliance bodies to develop and implement such certifications. Meeting the Regulation’s requirements and protecting data subject’s rights is a challenge that faces every organisation. Mazars offers a range of privacy consultancy and data protection advisory services to assist you in identifying, planning for and meeting your data protection obligations.