Cyber security incidents resulting in data breaches are on the increase. Criminals and hackers continue to attack businesses, which hit the headlines as IT services are disrupted, money is defrauded, or personal, sensitive or commercial data is leaked (purposefully or accidentally). With the introduction of new legislation and regulatory controls, there is an increased focus from business, law enforcement, the European Parliament and the UK Government on the need for effective cyber security and data privacy controls.
The challenge
The Network and Information Security Directive (NISD) and the General Data Protection Regulation (GDPR) are designed to harmonise data protection laws already in place across the EU. GDPR and NISD came into force in early 2016 with a two-year preparation period. The directive and regulation have far-reaching implications for businesses, which need to prepare and ensure compliance. The GDPR or equivalent legislation will apply in the UK from May 2018.
What is a data governance framework review?
Our Data Governance Framework Review is a study across the whole organisation. It covers business systems, networks and/or applications, together with the information and data held by all parts of the business, and validates how that data and information are protected. The review will define your current level of risk exposure and create a plan to reduce the risk to an acceptable level. It will help identify the most effective way to comply with data protection regulations through a series of structured interviews, document reviews (policies, procedures and data protection regulations) and an understanding of relevant system controls and technical capabilities.
Key steps and deliverables
1. Document the ‘as is’ (current) privacy and data protection state
2. Review appropriate Data Protection Impact Assessments
3. Data Protection Act compliance check
4. Populated risk model to underpin the findings and recommendations
5. Document the ‘to be’ (target) privacy and data protection state
6. Develop an information asset register
7. GDPR Health Check
8. Develop information flow diagrams
9. Roadmap and supporting plan to achieve the target state
10. Draft privacy strategy/policy documentation
11. Final report and presentation – analysis and decisions from the review
Contact us for more information or to discuss your data protection requirements.