Back

Who We Are

Meet The Team

Awards And Certificates

Annual Reports

Responsible Business

Blogs

Three sinister groups threating organisations' cyber security

View All

Case Studies

Powering Alt HAN Co.'s Smart Meter Rollout

View All

Upcoming Events

Solar & Storage Live London

View All

Webinars

Private & blended finance retrofit: lessons from a pioneering partnership

View All

Opportunities

View All

Close

Press enter to search

Technology computer and internet cyber security and anti virus concept, Businessman pressing security shield with check mark icon with blurred office background.Technology computer and internet cyber security and anti virus concept, Businessman pressing security shield with check mark icon with blurred office background.

Your Annual GDPR Check

All organisations should check their data protection compliance every year.

Our privacy maturity assessment tool is based on the ICO’s accountability framework and helps you understand your priorities for next year and demonstrate your progress this year.

Independent support for your privacy programme

Your privacy maturity report will demonstrate to your senior leadership the value and impact of your privacy programme. It will also set out clear recommendations to help you build the case for continued investment. Our independent expertise and experience across a range of organisations will assure your leadership team that your priorities will be impactful.

How the service works

  • People holding mobile phones
  • Data server with security shield
  • Man and woman shaking hands sat opposite each other
  • People working together
  • Woman presenting findings to a group of colleagues

  • Step One

    Get in touch to book your assurance assessment. We can usually book your interviews within two weeks. Your consultant will get in touch to explain the GDPR check process and provide you with everything you need, including invitations for the interviewees.

  • Step Two

    We will provide you with a secure file location and ask you to share your data protection policies and procedures with us. We will give you a list of the ones we want to see - don't worry if you don't have them. Your consultant will review these documents and use them to inform the interviews and report.

  • Step Three

    We will schedule 45 minute interviews with your key people. We usually ask for 5 - 10 interviews depending on the size of your organisation. These are conversations where we explore how the individual does their day job. It's a much easier approach than asking people than asking people to complete the ICO form.

  • Step Four

    Your consultant completes our template which is based on the ICO accountability framework. They will score your maturity on over 300 criteria in ten categories. They will then produce a written report setting out our findings and any recommendations for next steps.

  • Step Five

    Your consultant will present our findings to you. This gives you the chance to ask any questions, prioritise our recommendations and decide whether you may need any help with any of them. After the meeting, we will send you a copy of the report and any further information you have requested.

    What is covered by the report?

    Meet the team Icon
    Collaboration icon
    Contracts Icon
    Cyber Threat Detection

    Leadership and oversight

    This section looks at your organisational structure, roles and responsibilities including your data protection officer (if you have one), and how you make sure information governance activities are completed.

    Policies and procedures

    This section looks at your process for creating and sharing policies and procedures, how staff find and learn about these and how you make sure data is protected by design and default.

    Training and awareness

    This section looks at your induction, annual refresher and role-specific training. We will look at how you ensure your training covers what matters to you and that your staff understand it.

    Individuals’ rights

    This section looks at how you handle data subject rights requests, including how you would cope with a sudden influx and how you make sure they are completed correctly and within statutory time frames.

    Transparency

    This section looks at your privacy notices and how you make sure they work for your audiences. We will look at how you ensure they are up-to-date and easy for people to find and understand.

    Records of processing activities and lawful basis

    This section looks at how you create and maintain records of the processing you do and how you make sure your processing is lawful. We will look at your processes, privacy notices and focus on how you handle processing on the basis of legitimate interest and consent. If you process children’s data we will also look at your parental/guardian consent processes.

    Contracts and data sharing

    This section looks at how you handle contracts with third parties and make sure personal data is protected when you use other organisations to help you process it.

    Risks and data protection impact assessments

    This section looks at how you identify, record and manage data protection risks.

    Records management and security

    This section looks at how you handle personal data and protect it from information security risks. We will look at how you make sure it is suitable for your purposes and ask you about specific information security controls such as access controls, remote working and business continuity preparations.

    Breach response and monitoring

    This section looks at how you detect, manage and handle breaches and incidents.

    Our Experts

    Awards and Certificates

    We are certified to many industry standards and have been recognised for our commitment to our people.

    Find Out More
    Award Celebration
    someone on the phone | consultancy services from Gemserv

    Contact Us

    If you would like to know more about our work, or would like to speak with one of our experts, please complete our contact us form.

    Contact Us