The spirit of the General Data Protection Regulation (GDPR) is the protection of personal data of a natural person.
GDPR focuses on providing both privacy and protection of personal data. Whilst the majority of the market focuses on the former via legal policy and audit of legacy data, the Acuity Compliance Management System (ACMS) ensures that both aims are addressed avoiding potential risk of negligence. We ensure that administrative control requirements of GDPR including security are met by delivering immediate sustainable change based upon an ICO approved ISO27001 information security platform.
GDPR requires the mapping of personal data types across the business with a view to identifying the relationship it has with it – either as internal controller or processor. This will provide an in-depth understanding of how and why personal data is accepted into the business and the treatment of that personal data throughout the business once it is received.
Our data mapping will identify the logical and physical containers. It will also identify where the data moves within the organisation, and whether or not it is shared with others.