Email Icon
info@urmconsulting.com
Phone Icon
0118 206 5410
Governance, Risk Management and Compliance
|
Data Protection
|
GDPR
BLOGS

Tips on Demonstrating UK GDPR Compliance

|
|
PUBLISHED on
22 Jul
2022

Table of Contents

The easy way (if it was available!) would be to certify to an approved UK GDPR certification scheme.  The Data Protection Act 2018 gave the UK’s privacy regulator, the Information Commissioner’s Office (ICO), the power to accredit providers of certification schemes for demonstrating compliance with the UK GDPR.  Unfortunately, a widely-applicable certification scheme, applicable to different types and sizes of UK organisations, still does not exist.  In August 2021, the ICO did approve 3 certification schemes, however, these were for quite specific purposes: IT asset disposal, age assurance and age-appropriate design.

Back in 2017/18, we saw many organisations creating a ‘task force’ or project team to address GDPR compliance in the run-up to the May 2018 deadline.  Most of these organisations typically disbanded their taskforce teams once they felt that compliance had been achieved, although some appointed a responsible data protection manager/DPO or compliance officer.  As with other compliance activities, we appreciate how difficult it is to maintain ‘good intentions’ as other business pressures/requirements take centre stage.  Equally, when the GDPR was launched, there was limited guidance available and, with the goalposts now having shifted slightly, some organisations may find that they are not as compliant as they originally thought.

What we do have now, is a British Standard, namely BS 10012, which provides a best practice framework for a personal information management system.   Whilst not an international standard, such as ISO 27001, or a complete model for the UK GDPR compliance, BS 10012 is aligned to the principles of the GDPR and a good starting point. However, this is not a quick (in the next few months type!) solution.

So, what can you do now to demonstrate UK GDPR compliance?  A very practical approach is to arrange an external audit by an experienced GDPR/DP practitioner.  If structured correctly, this will not only verify your compliance status, but will provide you with valuable advice and insight into good practices adopted by other organisations.

A valuable UK GDPR compliance audit is not all about the DP/UK GDPR rules, it’s also about ensuring you are complying with your own policies, processes, and procedures i.e., the measures you put in place to establish UK GDPR compliance in the first place.

Here are some questions which should help you in determining your level of compliance with the GDPR

  • Are you complying with your policies?
  • Have you reviewed consent mechanism?
  • Have you continued to evaluate third parties and their contractual conditions?
  • Have you maintained your register of processing activities?
  • Has your business changed at all and are your lawful grounds for processing still valid?
  • Have you reviewed your data flows in line with any chances?
  • Have you maintained your DPIA records and are you conducting DPIAs as and where required?
  • Do you nave an effective mechanism in place for dealing with subject access requests?

Read more
Read more
find OUT more on:
GDPR
ICO
Information Commissioner’s Office
GDPR Principles

Do you need assistance in improving your GDPR compliance position?

URM can offer a host of consultancy services to improve your DP policies, privacy notices, DPIAs, ROPAs, privacy notices, data retention schedules and training programmes etc.
Recent blogs
Planning Your ISO 27001 Audit Programme
Data Protection Considerations for Artificial Intelligence (AI)
The Finer Details of PCI DSS v4.0
How to Develop a Robust Business Continuity Plan
I’ve Got my Cyber Essentials - Now What?
How URM can help?
Consultancy
Do you need assistance in improving your GDPR compliance position?

URM can offer a host of consultancy services to improve your DP policies, privacy notices, DPIAs, ROPAs, privacy notices, data retention schedules and training programmes etc.

Read more
Training
Gain a sound grounding and practical interpretation of the GDPR and the DPA 2018!

By attending URM’s online BCS Foundation Certificate in Data Protection course, you will gain valuable insights into the key aspects of current DP legislation including rights of data subjects and data controller obligations.

Read more
Consultancy
Does your organisation fully comply with the General Data Protection Regulation (GDPR)?

If uncertain, URM is able to conduct a high-level GDPR gap analysis which will assist you understand your current levels of compliance and identify gaps and vulnerabilities.

Read more
related BLog posts
Thumbnail of the Blog Illustration
Data Protection
Published on
7/12/2023
Conducting Data Protection Impact Assessments (DPIAs)

URM answers key questions around data protection impact assessments (DPIAs), providing detailed guidance on the best practice approach to conducting them.

Read more
Thumbnail of the Blog Illustration
Data Protection
Published on
21/7/2022
Gaining Senior Management Buy-In to GDPR Compliance

Why can it still be challenging to gain traction on your GDPR compliance project?

Read more
Thumbnail of the Blog Illustration
Data Protection
Published on
25/7/2022
What is the GDPR?

The GDPR (EU) 2016/679 is an EU regulation which came into effect on 25 May 2018 and set a new benchmark for the processing of personal data.

Read more
"
Leanr more about
URM Services
Informative webinar. Thank you!
Toni P.
Webinar 'GDPR - Back to Basics'
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.
Services
Training
Consultancy
Products
About URM
About URM
URM Data Sheets
Contact URM
URM White papers
Case Studies
URM Blog
Collaboration
Secure File Portal (SFP)
Partner with URM
Subscribe to Mailing List
© Copyright 2024 URM Consulting Services Ltd. All Rights Reserved.
|
Privacy Policy
|
Cookies
|
Terms of Business