DWF logo


DWF logo

            GDPR: Getting data protection right

            The laws relating to how organisations should deal with an individual's personal data are about to change dramatically. Organisations need to prepare now for these changes. DWF's data protection experts can provide you with strategic advice, practical tools and assistance.

            Date: 28/11/2017

            The laws relating to how organisations should deal with an individual's personal data are about to change dramatically. Organisations need to prepare now for these changes.

            The Information Commissioner is forging ahead with General Data Protection Regulation (GDPR) implementation plans, and further guidance on how to interpret the provisions of the Regulation is expected to be published in the foreseeable future.

            As a consequence, those organisations that haven’t started reviewing their existing data protection measures will need to take urgent action over the coming months in order to ensure they are compliant.

            DWF's data protection experts have the experience and knowledge to guide you through the various challenges that arise from the GDPR. We understand that budgets are limited and pragmatic commercial decisions will have to be taken. You will need to take pragmatic commercial decisions about what the key risks are to your business and we can provide you with the strategic advice, practical tools and assistance that you require in order to do this.

            How DWF can help you prepare for GDPR – Piecing together compliance:

            GDPR | DWF

            Audit & Gap Analysis Review

            We can provide a range of services to suit your organisation’s needs and budget. This might be a simple high level ‘Compliance Checker’ action list, a more detailed gap analysis survey which we assist in the completion of or over the phone support to enable your organisation to conduct its own survey internally. We recognise that budgets are not limitless and so we can help you identify the most important areas that you should address.

            Privacy Impact Assessments

            Privacy Impact Assessments (PIAs) are an important component in achieving compliance. Whilst previously they were recommended as representing good practice, the need to undertake PIAs will become a legal requirement under the GDPR. They are used to evaluate the potential risks posed to an individual's privacy rights through particular uses of personal data.

            We can assist with the drafting of PIA templates for use in all new data processing projects within your organisation. Often the reality is that organisations do not have the resource for legal or compliance to sign off all PIAs.

            Our training solutions can help equip appropriate operational staff to conduct self-certified assessments and provide risk ratings based on your particular type of business and data processing activities, so that closer scrutiny by legal or compliance functions is triggered where appropriate. We can also steer you through specifically complex PIAs for example, where sensitive or high volumes of personal data are involved or where the risks to data subjects are particularly high.

            Governance and Compliance Documentation

            Organisations must be able to demonstrate that compliance is practised from the executive level, through to business heads and senior managers and down to the operations and customer facing staff who are handling personal data on a day-to-day basis. It is important that governance frameworks take in all functions within the organisation that involve the handling of personal data. This is often achieved through a data protection steering group.

            We can provide you with terms of reference and overarching framework documents to help you demonstrate governance within your organisation. We can also provide template key compliance policies to reflect GDPR standards, such as those detailed below, or conduct gap analysis reviews on your existing polices.


            The employees who work within an organisation need to be sufficiently aware of their data protection obligations. With fines of up to the greater of 4% of global annual turnover or €20 million, you should ensure that the people in your business are fully trained on all aspects of the GDPR.

            All organisations will have changes to make to their policies, processes and procedures to bring them in line with the stricter new requirements. We have created some training courses which are designed so that you and your employees are aware of the principles of the Regulation, and understand what actions are required to manage the risks at their level. Our training courses are available in half day and full day sessions.

            Data Mapping and Cataloguing

            Understanding the types of personal data that are collected by your organisation, the records and systems in which it is stored, and why and how it is used, is important to ensuring compliance. Whilst operational staff may generally have a good understanding of how personal data is processed and stored within their own department or function, there is often no single organisational wide view of this.

            Given the significance of new pseudonymisation provisions in the GDPR, and the increasing trend for leveraging commercial benefit from analytics drawn from personally identifiable records, a holistic approach is essential. We can help train your staff to understand the legal and commercial significance in understanding the difference between pseudonymised and anonymised data, and to help position the differences.

            We can also assist with survey questionnaires to help obtain that important single view of the organisation’s personal data assets. 

            Download and keep: Getting Data Protection Right

            We use cookies to give you the best user experience on our website. Please let us know if you accept our use of cookies.

            Manage cookies

            Your Privacy

            When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. We mainly use this information to ensure the site works as you expect it to, and to learn how we can improve the experience in the future. The information does not usually directly identify you, but it can give you a more personalised web experience.
            Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change permissions. However, blocking some types of cookies may prevent certain site functionality from working as expected

            Functional cookies


            These cookies let you use the website and are required for the website to function as expected.

            These cookies are required

            Tracking cookies

            Anonymous cookies that help us understand the performance of our website and how we can improve the website experience for our users. Some of these may be set by third parties we trust, such as Google Analytics.

            They may also be used to personalise your experience on our website by remembering your preferences and settings.

            Marketing cookies

            These cookies are used to improve and personalise your experience with our brands. We may use these cookies to show adverts for our products, or measure the performance of our adverts.