- Essex, GB
- £30 /hr
- Available now
I am a data specialist with a strong background in data management, and my work on the General Data Protection Regulation (GDPR) involved end-to-end GDPR implementation. On data gap analysis, my role involved engaging with stakeholders to understand their current compliance strategy, business processes and policies, and identifying the gaps between the current stage and the GDPR requirements, especially around the recording of their processing activities (art. 30), by conducting data inventory exercises using the 5Ws and how of data, such as: What is the process? Why is the data processed? How long will the data be held for (retention)? What is the reason for processing (legitimate reasons or consent)? How is the data collected (directly or from a third party)? What type of personal data is it (category of personal data, e.g. sensitive, children)? Who owns the data, and how does the data flow across the business, both downstream and upstream?
This also included reviewing policies and consent forms to identify whether there is a need for retrospective consent forms to be sent out or whether there are other means of processing, reviewing privacy policies and amending them to reflect GDPR compliance, writing DPIA and breach notification policies from scratch, and engaging with the legal team to review policies.
My previous experience as a data professional enabled me to produce process flows on how best to implement DSAR requests and how to have DSAR requests handled as an API embedded within an existing system.
The roadmap exercise typically depends on what stage the client is at in their GDPR compliance journey, but I generally follow the roadmap used by BSI, which is proven and tested and involves all the key stages towards GDPR compliance:
1. Designate a Data protection officer
3. Data Register or Data Inventory
4. Data flow diagram
5. Adequacy and non-excessive of data
6. Third party suppliers and processors
7. Consent Management challenging process
8. Data Retention
9. Data Subjects rights (Governance)
10. Data Subjects Rights (Technical)
11. Data Breach Response, difficulty level is lo
12. Keep data Safe and secure, difficulty level is challenging
13. Baseline Data Protection Impact Assessment (DPIA or PIA) using working party DPIA
14. Operational DPIA
15. Management Engagement
16. Processing records
18. Data Protection Policy
19. Privacy Notice