The General Data Protection Regulation (GDPR) will apply in the UK from 25 May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
QG Management Standards have devised a standard to assist organisations in complying with the new requirements. The QG GDPR Management Standard has been written using the principles of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
This standard applies to all organisations that are ‘controllers’ and/or ‘processors’. The definitions are broadly the same as under the Data Protection Act, i.e. the controller says how and why personal data is processed and the processor acts on the controller’s behalf. If you are currently subject to the Data Protection Act, it is likely that you will also be subject to the GDPR.
If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR.
However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.
The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
The QG system offers two levels of assurance: GDPR Essentials and GDPR Essentials PLUS.
To qualify for your GDPR Essentials Certificate you are required to provide evidence that you meet the GDPR Essentials Requirements. We have made this easy for you by providing a GDPR Essentials Questionnaire that asks you the relevant questions, depending on your business size and what you process. You’ll need to attach some items such as screen grabs or policy notes to evidence compliance. On completing the questionnaire to our satisfaction you will be awarded your GDPR Essentials Certificate. The successful completion of the QG GDPR Management template* meets this requirement. Pick the questionnaire below that best suits your business profile.
Questionnaire A – For organisations that employ more than 250 people and process personal data that could result in a risk to the rights and freedoms of individuals, special categories of personal data OR criminal convictions and offences.
Questionnaire B – For organisations that employ fewer than 250 people and process personal data that could result in a risk to the rights and freedoms of individuals, special categories of personal data OR criminal convictions and offences.
Questionnaire C – For organisations that employ fewer than 250 people and do not process personal data that could result in a risk to the rights and freedoms of individuals and do not process special categories of personal data OR criminal convictions and offences.
You may be required to provide further assurance to your customers that you meet the requirements of the GDPR Essentials programme. This is called GDPR Essentials PLUS and involves an audit at your premises of your management systems as well as the completion of your questionnaire.