- To ensure compliance with the EU Regulation and EU/UK local Data Protection Legislation.
- To ensure adequate and effective controls are in place to protect the organisation’s information and that of its clients.
Scope: Will include, but not be limited to, identification of all IT environments that process and store personal and personal sensitive information, as well as policies, standards, procedures, project methodologies, contractual agreements, websites and cookies.
CASKIA Consulting will conduct a privacy impact assessment to identify gaps in the organization's legal obligations, i.e. compliance with the 8 Data Protection Principles of the UK Data Protection Act, as follows:
- Personal information must be fairly and lawfully processed
- Personal information must be processed for limited purposes
- Personal information must be adequate, relevant and not excessive
- Personal information must be accurate and up to date
- Personal information must not be kept for longer than is necessary
- Personal information must be processed in line with the data subjects’ rights
- Personal information must be secure
- Personal information must not be transferred to other countries without adequate protection
The above approach can be applied to local, i.e. non-UK, Data Protection or Data Privacy Legislation.
- Develop and present a detailed report, based on the scope, that will identify areas of compliance and detail areas of non-compliance.
- Develop and/or assist in the development of policies, standards and procedures to ensure integration into the organization's existing operations.
- Periodic follow-up reviews to ensure adherence to policies and that controls remain in place and effective.