As discussed in a previous article GDPR is coming into effect as of May 25th 2018. The facts are apparent, the consequences laid out, but how do you put into place actionable compliance mechanisms?

SMEs need to immediately internally evaluate all operations related to, and interacting with, client and users data and set to align these with incoming legislation.

 

Where to start?

At Clear Strategy we have outlined 5 steps for SMEs to bring them from a no knowledge GDPR position, to a fully compliant and protected enterprise, all the while maintaining previous operational efficiency throughout.

 

Review

Review all facets of client facing and interaction points of your business. Simply speaking if your business acquires personal data to generate user accounts, process payments, send promotional material or even tracking CPCs (cost per clicks) through a web page and much more, you’ll need to evaluate your data protection mechanisms and examine the new data usage parameters.

Clear strategy makes this simple. We utilise a robust process of internal surveys, combined with our scoring algorithm to present a GDPR readiness level to clients. Upon reviewing this it is unequivocally apparent where efforts need to be focused in order to prevent forthcoming penalisation.

 

Evaluate

The ‘Maturity Assessment’ model introduces stage two, the evaluation phase. The Evaluation stage gathers all data and results from the ‘Review’ phase and provides insight to clients and Clear Strategy showing where immediate actions are needed.

Scored under 12 comprehensive headings our maturity metric reveals where the weaknesses and strengths of a particular client’s GDPR readiness lie.

 

Action

These metric’s results allow us to take efficient and correct actions working to solve your issues with bespoke solutions, providing tailored advice to clients, from hands-on DPO (data protection officer) position assignment or training, to ad hoc consultancy and advice. Clear Strategy put the metrics in place with the prioritisation of tasks in standardised form and assistance to complete them.

Prioritisation is a key philosophy to our success

Results

The results of putting the previous stages into action is that your business will be aligned with GDPR legislation alleviating you from the risk of fines. However, there are notable lapse points in the future, thus one must maintain the modus operandi throughout the lifetime of the business. Clear Strategy works with companies before, during and after May 25th to ensure all facets of the business operations are sustainable and resilient to the effects of daily changes in a business. This can involve drawing up process mapping documentation for new employees, as well as setting out clear attainable information for each client’s customers.

 

It’s imperative that GDPR is embedded into all business practices, this is at the forefront of Clear Strategy’s focus. Clear strategy ensures ongoing compliance for a more efficient organisation

 

Going forward

A lot of organisations have survived the GDPR transition to date, however, the true measure or real test is yet to come. Transitioning from a compliance program to business as usual, will be a challenge. New business processes that have been put in place will act as a true measure of GDPR compliance.  

 

We structure our DPO services into three distinct phases, each phase having a particular focus on specific activities. Clear Strategy’s significant experience in Data and Information projects, and Process Improvement projects in addition to our custom-built GDPR artefacts proves very beneficial in helping our customers transition to ‘business as usual’.

 

If you find yourself unsure of what to expect next or you are sceptical about the accuracy of your implementation then contact our GDPR specialist team at info@clearstrategy.ie who make GDPR their personal business.

 

David Fitzpatrick

Clear Strategy.

david.fitzpatrick@clearstrategy.ie

Leave a Reply