Credit Unions
If you process personal data and believe that your policies, processes, practices or documentation may require improvement to comply with the GDPR or law, a gap analysis is an essential action for you.
We take the complexity out of these changes by providing a fixed-price gap analysis of your business and identifying the actions that you need to take to stay compliant and to manage associated risks. With extensive business, regulatory and data protection expertise, we include a risk-based approach to identify the key areas that may expose you to harm.
We analyse organisations in the context of their scale and nature, and changes are often less cumbersome than our clients initially expect.
Reviews are carried out by an Institute of Banking Certified Data Protection Officer and include:
- Site visit – to understand your business and the individual factors that may expose you to GDPR-related risk.
- A detailed review of current documentation
- Identification of compliance and risk mitigation actions
- Written report detailing recommendations
Contact us now and we will provide you with a cost-effective* review package.
*Prices will vary subject to the nature, scale and location of your organisation.
First Compliance can take you through a process to protect your business against unnecessary liability. We also provide:
- Supplier contract reviews,
- Advisory and support services to complement your team,
- Ongoing policy, contract and process review,
- Critical event management – litigation, breaches, access requests,
- Outsourced Data Protection Officer services.
Medical
Access Requests or Breaches are the most likely events to trigger a liability for a controller. There are two key things that a controller needs to be conscious of:
- Timing – these events have strict timelines; missed timelines = a compliance breach
- Structured process – there are structured processes and established norms for these events; be prepared
Access request from a subject: this is typically the first touch point from staff/customers to a legal action. You have one month to respond and need to follow the process tightly to prevent the subject's legal advisors from using this against you. There is also much ‘over analysis’ of the data that needs to be provided. It is the personal data of the subject (not work data – this has been established in the courts) and there are other exemptions and restrictions to consider. If in doubt, take advice early in the process.
Access Request from a state authority: this form of access is by its nature an investigation of an unlawful activity or a criminal offence. Ensure that the obtaining of personal data from you is lawful to avoid inadmissibility in court or liabilities on your behalf. Be conscious that the provider of this data may be required to attend court as a material witness. Be prepared.
Data Breach: the key to managing breaches is to get the timing right; you have 72 hours to report to the Data Protection Commissioner. A risk assessment will dictate whether a report is necessary, and whether the Subjects need to be informed and advised by you. Act quickly; waiting until the next day is losing valuable time.
first is available to help you when you need expert support with Access Requests or Data Breaches.
International
We take you through a pragmatic process to identify areas that need attention. Our process will accelerate your pace of change, minimise risk to your organisation and enable you to demonstrate compliance. We assess:
- Where are your exposures under GDPR and what are the likely consequences
- What actions need to be taken
- What processes, policies and technology need to be updated to deliver an enduring process.
first will take you through a structured process to deliver:
- A GDPR Maturity Summary with high level analysis
- A roadmap for your organisation
- Guidance on your requirement for an Impact Assessment
- Key recommendations
This is an essential level of analysis for any organisation that processes personal data. You will find our consultation process informative and we will provide you with the support you need to manage your data protection obligations with confidence.