Our GDPR Services
On 25th of May 2018 the General Data Protection Regulation (GDPR) will be enforced. Some companies in New Zealand will be effected by this new regulation. IISRI has simplified the GDPR requirements and reduced them to the following services to help you.
GDPR workshop
This workshop provides awareness and initial consultation on GDPR. It aims at providing you and your team a better understanding of the GDPR framework and how it effects your business in a quick and concise way. The workshop takes two to three hours and will be moderated by one or two of our consultants. If you wish to customize the workshop or have specific GDPR questions that needs to be considered we are more than happy to include them in the workshop.
GDPR website action plan
The first thing your European customers will notice is your website. Besides the potential high fines for non-compliance (up to €20 million or 4% of annual global turnover), a GDPR compliant website increases customer confidence in your business and differentiates you from your competitors. IISRI offers you therefore a website action plan service to ensure your customer facing website or portal is GDPR compliant. This includes reviewing your current privacy policy.GDPR business action plan
Since GDPR is a comprehensive framework that goes beyond your website and privacy policy we offer a business action plan service covering all data aspects of your business. Through interactive workshops, data analysis and/or interviews with your key personnel, our trained consultants will guide you through the maze of GDPR and give you a clear picture of your company’s action plan on a detailed level. They will identify the gap between your current and the required compliance status you should be according to GDPR. We will provide you a tailored action plan to comply with GDPR from a technical, process and policy perspective.
GDPR implementation service
Our technical and legal consultants will work with you to ensure that you meet the GDPR requirements. Depending on your current readiness, this could be as simple as updating your privacy policy, but it can also entail delivering a program of work. The activities range then from data mapping, risk assessment and privacy impact assessment till introducing new procedures, privacy by design and privacy enhancing technologies (PETs).
GDPR independent audit
GDPR requires organisations to demonstrate compliance with the principles of the GDPR. IISRI provides an assurance services in order to validate your compliance and deliver documentation you can share with the relevant data protection authorities. In case IISRI is involved in the implementation of the GDPR requirements, our partner will perform the audit to ensure independency.
After the audit organisations can request IISRI to publish their compliance status in the form of a privacy rating. This is then a free service by IISRI.
GDPR EU representation
GDPR requires companies outside the EU in certain cases to have an EU based representative who serves as the contact person for all issues related to the company’s processing of personal data under the GDPR. He or she must be in a position to communicate effectively with data subjects and to cooperate effectively with the relevant data protection supervisory authorities. IISRI provides you via our partners in the EU a representation service.GDPR Virtual Data Protection Officer
GDPR requires in certain cases companies to designate a data protection officer (DPO). Tailored to your privacy needs IISRI provides a Virtual Data Protection Officer (VDPO) service. The VDPO will support you by informing, advising, monitoring compliance and acting as your point of contact for the supervisory authority.
GDPR Management Platform
IISRI provides you (and your partners) a secure and ISO27001 certified GDPR management platform (GMP) to capture all your GDPR documentation, audit trails and reporting and share these securely with your representatives and auditors. With GMP you are in control of GDPR.