General Data Protection Regulation (GDPR) is an EU directive, effective from 25th May 2018.
It creates a standard approach to the processing and use of personal data across Europe, with the risk of significant fines for non-compliance.
GDPR says that personal data should be:
- Lawful, appropriate & fair – in the way that it is processed;
- Collected for a specific purpose – and retained in a manner compatible with that purpose;
- Adequate, relevant & limited – to what is necessary in relation to the purposes for which it is processed;
- Kept no longer than is necessary;
- Accurate & up-to-date – in keeping with the technical and organisational measures required by GDPR in order to safeguard the rights and freedoms of individuals;
- Processed securely – using appropriate technical or organisational measures, which will protect against unauthorised or unlawful processing and accidental loss, destruction or damage.
Become GDPR fundamentals certified
GDPR gap analysis
Technical consultancy to put IT infrastructure controls and systems in place to meet the standard.
Lucid gathered all evidence and managed the certification process.
GDPR fundamentals certification in 5 working days.
Compliance with GDPR
- Clients trust that company data is adequately protected.
- Personal data is processed securely, reducing the risk of a data breach.
GDPR expands on and replaces the current Data Protection Act, and creates new responsibilities for you as a data controller and/or processor, particularly if you’re handling special categories of information.
Examples of where you may be collecting and processing this data include:
- Direct marketing through an email mailing list
- Personnel discussions via instant messenger or email
- Customer data input into CRMs, cloud management systems etc.
GDPR makes it your responsibility to safeguard that information, and ensure it's processed legally and fairly.
At Lucid we’re committed to helping clients implement the practical IT actions needed in response to GDPR.
Our advice to clients is to avoid the uncertainty surrounding GDPR, create an action plan, and use your compliance journey as an opportunity for organisational improvement.
GDPR Fundamentals is a data protection standard devised to assist organisations in their efforts to comply with the GDPR directive.
It applies to any organisation that:
- Is a Data Controller – collects personally identifying information and determines how it is processed
- Is a Data Processor – processes personally identifying information on behalf of a data controller
- Operates in the EU
- Handles information concerning data subjects located in the EU
QG Management Standards have applied the Cyber Essentials methodology to the requirements of GDPR, producing the only practicable framework available in the UK to assist with compliance.
The methodology is delivered in the form of a questionnaire, which our GDPR fundamentals practitioners use to assess your systems and policies against the demands of the standard.
Lucid's ABC approach to GDPR certification
We break the roadmap to compliance with the GDPR Essentials standard down into a three-stage process, making it ABC simple:
- A consultancy engagement to carry out a GDPR gap analysis
- An action plan presented to all key stakeholders
B. Business actions
Targeted and practical solutions including:
- Training and education
Once you’ve acted, you’ll then be ready for…
With risks identified in A and mitigated in B, you’ll be ready for GDPR Fundamentals certification.
Our qualified practitioner will undertake a final consulting engagement, allowing them to gather the evidence necessary to demonstrate your achievement of the standard, before reporting to the awarding body on your behalf.