The internet is full of checklists and summaries aiming to make GDPR compliance look easy. The reality is that you need to know more than these articles are providing and you more than likely need help. The GDPR is a significant piece of legislation that needs commitment from your organisation if you are going to achieve compliance. This is especially important if you have not really paid much attention to its predecessor, the Data Protection Act.
The GDPR challenge
Even the best-intentioned are struggling to work out what to do and where to start. Organisations are worried about the past and do not know how to tackle the future. Any cursory search of the internet for help leads to an avalanche of content which only serves to make organisations more worried, so they put off doing anything about the challenge.
‘Solutions’ that do not work
There are many companies willing to offer audits that basically translate into: ‘we will charge you a fee for telling you what you haven’t done and then offer to fix your problems for an even larger fee’. You’ll also find companies offering you free checklists that instil worry about what organisations are missing from their compliance, with the end goal of charging heavily to fix it. And there are endless summaries. These summaries are fine for familiarisation, but no good for getting the work done and often leave you confused and worried about the lack of detail.
The problem with all these approaches is they do not take into account the uniqueness of each individual organisation. Every organisation is different. Therefore, a simple summary or checklist is not enough for compliance. Any outside data protection compliance exercise is going to have to get to the bottom of what personal data your organisation has and what you do with it. The only person who knows the answers to those questions is you!
Let’s take an example. The GDPR requires organisations to keep personal data no longer than is necessary. A recruitment consultancy will need to keep a candidate’s CV for a certain period of time. However, a company which only recruits an average of three people a year will need to keep a CV for a different period of time. What is right for your organisation? The Privacy Compliance Hub helps you make such decisions.
What you need and what you don’t
To make the right decisions, you need to ensure that you have the right advice. That means that you need a compliance solution that has been devised by data protection experts from the ground up. You also need a solution that deals with all of the problem, not part of it. There are too many solutions out there which only offer part of the solution. For example, there are data storage companies that offer to keep data secure, but put a GDPR badge on their offering to make you think that what you are getting is a GDPR compliance solution. There are also companies offering an ISO 27001 solution which view the GDPR as an opportunity and try to repurpose that solution as a GDPR compliance solution.
What you need is a flexible solution that covers every aspect of the GDPR from beginning to end. It needs to be provided by experts in the field who understand the difficulties organisations are having in understanding the avalanche of content out there. The solution needs to be simple and easy to use, enabling your organisation in your industry to create a compliance programme that works for you. It needs to do this securely in a way that you can understand. That is what The Privacy Compliance Hub has been developed for.
How The Privacy Compliance Hub works
The Privacy Compliance Hub enables the leaders of your organisation to achieve data protection compliance. You achieve this by agreeing to comply with a set of what we call ‘Privacy Promises’. By meeting these promises, your organisation complies with its data protection obligations, including the GDPR.
A team of ‘Privacy Champions’ appointed from within your organisation follows a compliance programme using a Methodology which is supplied within the Hub. The Methodology takes the Privacy Champions through what they need to do in a structured, step-by-step fashion. A Privacy Plan supplied within the Hub acts as a project management tool to keep track of progress. And, finally, a Privacy Calendar is made available to record each step of your organisation’s compliance journey.
As the Privacy Champions carry out their activities in the Methodology and the Privacy Plan, they can make use of over 30 template documents provided within the Hub.
The Hub is carefully designed to:
- work for any organisation in any industry;
- carefully guide users of the Hub through a structured, easy to understand data protection compliance programme;
- provide practical and easy to use tools to implement that programme; and
- achieve a fundamental change in the mindset of everyone in an organisation by making data protection compliance matter, always.
It is comprehensive, leaving nothing to chance, but does so in a simple, methodical and structured way. Each and every organisation that uses the Hub is able to put together a bespoke programme that is completely their own.
By using the Hub you are embedding data protection compliance within your organisation (as the GDPR requires) and creating a secure online area from which you can demonstrate compliance to both your customers and regulators.
If you would like to talk about how The Privacy Compliance Hub would work for you, please get in touch. Alternatively, have a look at our video which provides you with a more visual explanation of how it works.