As well as providing training and a GDPR Toolkit (details below) I also provide extended support to people who have attended training, bought the toolkit, or just need some friendly guidance. The GDPR Toolkit can be found here http://www.adaptconsultingcompany.com/gdprtoolkit/ Jersey Business as supporting the GDPR Training and they can be found at https://www.jerseybusiness.je/get-advice/it-office-systems/data-protection-small-business/
Useful guidance on GDPR (especially if in many jurisdictions)
Key points re Privacy Notices
The purposes of the processing and the legal basis for the processing
The recipients or categories of recipients of the personal data
The details of the legitimate interests of the business, where the processing is based on those interests
The period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period
The details of the legal compliance mechanism which legitimises the export of personal data from the European Union, including how copies of the applicable contracts or other documents may be obtained
The existence of automated decision-making, including profiling, and details of the logic involved and the consequences of that processing
The existence of the data subjects rights, including the right to have personal data corrected, deleted or restricted, as well as the right to data portability
The data subjects right to lodge a complaint with a supervisory authority
Key contents re Privacy Impact
A description of the expected processing
An assessment of the processings necessity and proportionality in relation to its purposes
An assessment of the risks to the rights and freedoms of the data subjects
The measures envisaged to address these risks, which may include safeguards, security measures and mechanisms to ensure the protection of the data
Key points re Breach Notifications
Identify an appropriate incident response team, including representatives from IT, security, legal, compliance, risk management, communications and customer service.
Ensure that the members of the incident response team are sufficiently trained and prepared. Training should include occasional tabletop exercises that simulatea data breach and require the team to confront the types of issues they would face in an actual incident.
Prepare an adequate incident response plan that provides guidance for critical incident response tasks, including identifying cyber incidents, assembling the incident response team, complying with the GDPR and other notification obligations, communicating internally and externally regarding the incident, making decisions about affected systems, conducting forensic investigations, and developing and implementing remediation strategies.
Take appropriate technical measures in cooperation with IT specialists to render the organisations data unintelligible in case of breaches.
Review existing insurance coverage for cyber incidents to identify gaps in coverage, and remediate them.
Ensure that data breach reporting obligations are reflected in contract T&Cs
See more at
Make sure you take necessary measures before downloading anything from the internet!
+447797762051 Skype: timhjrogers TimHJRogers@gmail.com