GDPR Essentials Home

 

 

The General Data Protection Regulation (GDPR) will apply in the UK from 25 May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.

QG Management Standards have devised a standard to assist organisations in complying with the new requirements. The QG GDPR Management Standard has been written using the principles of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).

This standard applies to all organisations that are ‘controllers’ and/or ‘processors’. The definitions are broadly the same as under the Data Protection Act, i.e. the controller says how and why personal data is processed and the processor acts on the controller’s behalf. If you are currently subject to the Data Protection Act, it is likely that you will also be subject to the GDPR.

If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR.

However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.

The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

The QG system offers two levels of assurance:

To qualify for your GDPR Essentials Certificate you are required to provide evidence that you meet the GDPR Essentials Requirements. We have made this easy for you by providing a GDPR Essentials Questionnaire that asks you the relevant questions, depending on your business size and what you process. You’ll need to attach some items, such as screen grabs or policy notes, to evidence compliance. On completing the questionnaire to our satisfaction you will be awarded your GDPR Essentials Certificate. The successful completion of the QG GDPR Management template* meets this requirement. Pick the questionnaire below that best suits your business profile.

Questionnaire A – For organisations that employ more than 250 and process personal data that could result in a risk to the rights and freedoms of individuals, special categories of personal data OR criminal convictions and offences.

Questionnaire B – For organisations that employ fewer than 250 and process personal data that could result in a risk to the rights and freedoms of individuals, special categories of personal data OR criminal convictions and offences.

Questionnaire C – For organisations that employ fewer than 250 and do not process personal data that could result in a risk to the rights and freedoms of individuals and do not process special categories of personal data OR criminal convictions and offences.

You may be required to provide further assurance to your customers that you meet the requirements of the GDPR Essentials programme. This is called GDPR Essentials PLUS and involves an audit at your premises of your management systems as well as the completion of your questionnaire.

 

QG GDPR Standard

Requirements for organisations who require a Data Protection Officer

QG ACCREDITED PRACTITIONER SUPPORT

If you require support implementing your GDPR Management System, there are QG Accredited Practitioners who have been trained by us in the implementation of the QG GDPR Management Standard. They each use the QG Management template to build and document your GDPR management system and will provide a system fully compliant with the QG GDPR Management Standard.

It would not be right for Practitioners to do this alone: whilst they will give you guidance to produce the documentation, you are required to implement the system in your own organisation.

QG Accredited Practitioners are independent of QG Business Solutions, the operator of the scheme. Practitioner support can be a combination of onsite and offsite support.

QG Management Template

The QG GDPR Management Template is a copyrighted document used by QG Accredited Practitioners to implement systems to the QG GDPR Standard. Using the template and a practitioner can often be more cost-effective than doing it yourself, as systems are generally compliant first time.

Frequently Asked Questions

What is the QG GDPR Management Standard?

QG Business Solutions Ltd offers small and medium-sized businesses the opportunity to obtain external recognition of their GDPR management system. The standard has been written using the principles of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).

Why does this work for SMEs?

The QG standards were first developed in 1994 by Cumbria Enterprise Agency to help SMEs achieve BS5750: 80% of BS5750 for 20% of the cost. In recent years that same policy of assisting SMEs has developed to include the GDPR Requirements.

To whom does the GDPR apply?

The GDPR applies to ‘controllers’ and ‘processors’. The definitions are broadly the same as under the DPA, i.e. the controller says how and why personal data is processed and the processor acts on the controller’s behalf. If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR.

If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR.

However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.

The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

How long will it take to achieve the QG Standard?

This depends on what you already have in place. Unique to the QG standard is that we look at how you operate the business and document it. Provided that what you do meets all areas of the QG GDPR Management Standard, you meet the standard. If it does not, we will tell you what is required; you implement it for a period of time and then achieve the standard.

Address

QG Business Solutions Ltd

Westwinds, Lambley Bank,
Scotby, Carlisle
CA4 8BX

t 01228 631681

e info@qgbiz.co.uk