
GDPR AUDIT & COMPLIANCE CONSULTING


Westbrook International Ltd. 164 - 168 Regent Street Linen Hall London

Email: info@westbrook.co.uk Phone: +44 20 7096 2480 Website: westbrook.co.uk


Preparing for GDPR

Ensuring your Organisation is Compliant in 2018

What is GDPR?

The General Data Protection Regulation (GDPR) is a significant update to the existing laws around handling and communicating personal information of EU Citizens.

Fundamentally, GDPR sets out a range of regulations that allow EU Citizens to control who has access to their personal information, how it can be used, and whether they continue to give permission for it to be held.

GDPR also places the responsibility for data security and privacy on any organisation involved in the ‘processing’ of personal information. Processing is a broad categorisation covering almost any use of personal data - including the tracking, capture, storage, and movement of data between organisations.

The definition of personal data is equally broad, and relates to any data that can be associated with an identified individual. This means it is not only sensitive data such as financial transactions, medical history or account details that requires strict security and control, but any basic information that can be associated with any individual citizen.

Non-compliance with GDPR risks strict penalties - with the maximum penalty at €20 million or 4% of a company’s annual global revenue, whichever is greater. This means that while the legislation doesn’t come into force until 25 May 2018, it is important to prepare now for the transition.

The legislation expands the responsibility for data to include everyone who handles it - from the database administrator, down to the company hosting the database. This means if you are a Salesforce or Cloud CRM user, both you and your provider are responsible for compliance with GDPR.

Ensuring Compliance

GDPR represents a significant shift in how data is managed within an organisation and requires changes in both how your systems and culture operate. However, there are guidelines for how to become an organisation that has appropriate processes in place to comply with the new regulation.

Referred to as ‘Protection by Design & by Default’ in article 25 of the GDPR, these principles provide approaches to safeguard customer data. Adopting these methodologies is not a legal requirement - but doing so will significantly reduce the risk of non-compliance and the associated penalties.

Our GDPR Consulting

Westbrook Consultants work to review your system, and provide a roadmap to ensuring appropriate GDPR compliance.

We help you to build a foundation for your organisation that protects privacy by design & by default, and to plan how best to transition from your existing business processes.

We conduct a detailed review of your system from a technical and user perspective, highlighting areas where privacy controls can be improved.

Our Consultants focus on five key areas to ensure compliance:

• Identifying where customer data is held

• Identifying where data is captured

• Reviewing data accessibility & usage

• Complying with customers’ data requests

• Evaluating data security

Key GDPR Focus Areas

Understanding how GDPR will affect your business


Identifying where customer data is held

To begin reviewing the security and privacy of your customer data, you must first identify all your systems that contain personal information - or data that can be used to identify a person. We work with you to conduct a system-wide review, mapping out how systems interact to share customer data.

Identifying where data is captured

With an understanding of where your organisation’s data is held, we review the technological tools and manual processes that generate prospects, leads, contacts or person accounts within your systems. We review how an identifiable individual is created, and how information about them is enriched, updated and processed, and what technology or business user is responsible for creating it.

Reviewing data accessibility & usage

We review the level of data access and availability across your systems, identifying how much customer information each user profile can view or edit. We work with you to evaluate how much of this information is relevant to your users for their business role - identifying areas where access to personal information can be streamlined, and offering approaches to limit unnecessary access to private data.

Complying with customers’ data requests

GDPR provides customers with rights over their personal data. We work with you to ensure your system can comply with customers’ data requests in a format that complies with GDPR. We review the current processes in place to action, log, export and delete customer data, and how these can be enhanced to comply with GDPR. This is particularly relevant with the widely publicised ‘Right to be Forgotten’.

Evaluating data security

We work with you to audit the security processes in place for protecting the data from misuse internally, and how they comply with GDPR standards. We review where security could be improved, as well as where data could be effectively encrypted, made anonymous or restricted without negatively impacting business activities.



7 Day GDPR Compliance Audit

Building the Foundations of a privacy focused system

STEP 1: STAKEHOLDER WORKSHOPS

• Initial Kick-Off Call

• System Landscape Review

½ Day

Beginning with a kick-off meeting, your lead consultant will work with you to map out the scope of the GDPR Audit, the privacy measures you already have in place, and any key concerns that may apply to your organisation’s data.

STEP 2: IDENTIFYING WHERE CUSTOMER DATA IS HELD

• Standard Object review (Leads, Contacts and Person Accounts)

• Identify points of Integration

• Review of Custom Objects

1 Day *

* The 1 Day estimate assumes our team are working exclusively within a single instance of the Sales Cloud. If your system architecture is significantly more complex, additional time will be required.

STEP 3: IDENTIFYING WHERE DATA IS CAPTURED

• Identifying Automated Data Capture

• Identifying Manual Data Capture

1 Day

Our consultants document where data is created across prospects, contacts, accounts and person accounts, mapping it to a Manual or Automated input source. This includes data created by your company and connected to a customer, such as activity tracking, profiling information, lists and campaigns.

STEP 4: REVIEW DATA ACCESSIBILITY & USAGE

• Review of Data & Object access by User Profile

• Review of User Security Permissions

1 Day *

* Our consultants document what data is visible to each of your users. The 1 Day estimate assumes a Salesforce instance with 15-20 Custom Objects and 2-3 user profiles. If your permissions structure is significantly more complex, additional time will be required.


STEP 5: COMPLYING WITH CUSTOMERS’ DATA REQUESTS

• Review of Customer Contact Processes and Logs

• Review of Data Portability and Deletion Processes

• Review of Reporting & Export Processes

1 Day

Our consultants document how customer requests are managed, how an audit trail for customer requests is created and how GDPR compliance can be reported on.

STEP 6: EVALUATING DATA SECURITY

• Review of Data Security

• Review of Potential Data Encryption

• Review of Potential Data Anonymisation

• Review of Potential Data Pseudonymisation

1 Day

Our consultants review the personal data held within your system and identify areas where data security can be improved. Our team evaluate where personal data can be accessed for business functions that do not require direct identification, and whether anonymisation would impact their business function. We also identify all users with the capability to export personal information from your CRM system.

STEP 7: DOCUMENTATION & FEEDBACK

• Documentation of Findings

• Feedback & Review of Findings

1½ Days

We compile our findings into a report that documents your current state solution and its compliance with GDPR regulation, including areas for attention and suggestions for improvement. To conclude the project we provide feedback on our report with your project stakeholders.

TOTAL TIME: 7 DAYS


Extending Your GDPR Audit

Building Compliance into your Salesforce Systems

Strategic Consulting

For organisations with customer information distributed between multiple integrated or siloed databases, we can extend your GDPR audit to review your wider systems landscape.

Delivered on a ‘Time and Materials’ basis, we will estimate the amount of time required dependent on the complexity of your business systems.

We will then audit each system through our 7-step process - creating a single GDPR compliance document that comprehensively outlines your path to compliance.

Salesforce Projects

Westbrook offers a range of services to ensure your organisation is on track for compliance with GDPR on the 25 May 2018.

Our end-to-end project delivery capability can Scope, Design & Build a solution for GDPR based on the output documentation from your Audit.

We will estimate the level of work required, manage the project and provide all the Salesforce Certified resources you need to build privacy controls into your system.

Where business activities may need to change to protect customers’ personal information, we offer consultants with extensive experience in redesigning and restructuring business processes.

Our team can also provide the training and support your users need to transition to the new system and privacy focused approach.

Ongoing Support

If your organisation has skilled internal Salesforce resources, Westbrook can provide help and support as you transition to GDPR compliance.

Through our Salesforce support services, your team can access Certified administrator, consultant and developer resources as and when you need them.

By pre-paying for a specified amount of support, you can obtain maximum value from preferential rates and guaranteed access to resources.

Once the Audit is complete, you can choose the type and amount of support you need - all managed through a single support contract.

Ready to get ahead of GDPR?

If you’re interested in learning more about how Westbrook Consulting services can benefit your business, don’t hesitate to get in touch:


Email: info@westbrook.co.uk Phone: +44 20 7096 2480 Website: westbrook.co.uk
