The General Data Protection Regulation (GDPR) applies to all UK organisations and has been in force since 25 May 2018. Any organisation that cannot demonstrate that it’s taking appropriate measures to protect personal data is breaking the law.
For most organisations, employing a full-time data protection specialist isn’t an option. You could engage one of the large data security firms to exaggerate the complexity of the task, overwhelm you with jargon and charge you a fortune. Or you could buy a do-it-yourself solution, cross your fingers and hope you’ll work it out.
Or, you could keep it simple and cost-effective with GDPR in a Box™.
GDPR in a Box™ is the simplest, most cost-effective way for an organisation to achieve and maintain compliance with the GDPR. Our structured approach catalogues your data sets, identifies how the GDPR applies to each, analyses the measures that you have in place and identifies any gaps. Backed by our in-house legal team, our consultants design and implement the necessary controls to ensure that you achieve and maintain compliance.
See below for more information about our services.
Select either of our packages for simple, assured compliance.
Full Compliance Fix
With this package we use the GDPR in a Box™ framework and template materials. Our consultant carries out the complete compliance project, with assistance from you. Our legal team reviews the necessary legal notices and documents created to ensure suitability and compliance with the GDPR.
Ideal for organisations that have limited internal resource or that want to achieve compliance quickly and effectively.
Assisted Compliance Fix
With this package we provide the GDPR in a Box™ framework and template materials to you. Our consultant gives remote training and advice to support you to work through the compliance process yourself. Optionally, our legal team can review the necessary legal notices and documents that you create to ensure suitability and compliance with the GDPR.
Ideal for simpler organisations with available in-house resource and/or a limited budget.
GDPR in a Box™ Compliance Fix packages are provided at a fixed cost with no hidden extras for simple, assured compliance.
The Gap Analysis service is suitable for organisations that want a rigorous and comprehensive foundation for an in-house GDPR compliance project. It is also suitable for organisations nearing the end of an in-house project that want an expert review to confirm the extent of current compliance and highlight any remaining gaps.
Using the GDPR in a Box™ approach and backed by our legal team, we review your current personal data protection arrangements and set out exactly what you need to do to comply. Gap Analysis is a three-step process:
- Prepare – we catalogue the different sets of data that you hold and the various locations and methods of access to that data
- Identify – we use our proprietary Activ Comply legal compliance software to determine what the GDPR requires of you for each of your data sets
- Analyse – using a matrix, we compare the requirements of the GDPR to the controls you currently have in place for each of your data sets, and pinpoint where there are gaps
You’ll receive a comprehensive report that sets out your current compliance level, highlights any gaps, and provides a sensible, proportionate action plan to close those gaps. The report will also include a fully costed proposal for us to support you to achieve compliance, should you wish.
The GDPR in a Box™ Gap Analysis service is provided at a fixed cost with no hidden extras.
Simple, assured compliance.
Once your organisation is fully compliant with the GDPR, you’ll need to ensure that you maintain compliance on an ongoing basis.
For organisations with simple personal data processing activities, maintenance will mean no more than an annual ‘health check’ of the procedures and controls in place for personal data processing.
Organisations with more complex personal data processing activities will need to regularly update the information they record on their processing activities, undertake formal audits on their security controls, complete appropriate investigations into personal data breaches and may need to appoint a Data Protection Officer.
Our consultants can take care of ongoing GDPR compliance maintenance for you. Whatever your organisation’s needs, we offer an ongoing maintenance service tailored to your unique circumstances. Ranging from a simple annual check-up through to a fully-outsourced Data Protection Officer service, our expert consultants will ensure that you remain compliant at a fixed price.
Simple, assured compliance.