The General Data Protection Regulation (GDPR) applied in the UK from 25 May 2018.
In the UK the GDPR is supplemented by the Data Protection Act 2018, and the government has confirmed that the UK’s decision to leave the EU will not affect the implementation of the Regulation.
This QG Data Protection Management Standard applies to all organisations that are ‘controllers’ and/or ‘processors’ of personal data. The definitions are broadly the same as under the Data Protection Act 1998 – i.e. the controller decides how and why personal data is processed, and the processor acts on the controller’s behalf. If you were subject to the Data Protection Act 1998, it is likely that you will also be subject to the Data Protection Act 2018 (DPA 2018) and the GDPR.
If you are a processor, the DPA 2018 and GDPR place specific legal obligations on you; for example, you are required to maintain records of the personal data you hold and of your processing activities. You will also have significantly more legal liability if you are responsible for a breach. These obligations on processors are a new requirement under the DPA 2018 and GDPR.
However, if you are a controller, you are not relieved of your obligations where a processor is involved – the DPA 2018 and GDPR place further obligations on you to ensure that your contracts with processors comply with the Act and the Regulation.
The GDPR applies to processing carried out by organisations established in the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU, or that monitor the behaviour of individuals in the EU.
THREE LEVELS OF ENGAGEMENT (terms & conditions apply)
- Simply download the free standard from www.qgstandards.co.uk and implement the process and controls yourself.
- Our verified self-assessment option is straightforward:
  - select the questionnaire that best matches your business,
  - complete the questionnaire yourself or call on one of our Accredited Practitioners to help you,
  - send the questionnaire to QG by email (or call for details of our secure upload centre) and we will allocate a certification body for you,
  - the certification body may contact you for clarification,
  - once any points needing clarification have been resolved, you will be awarded QG-GDPR Fundamentals certification.
- If you require a higher level of assurance, you can apply for the PLUS assurance level. This involves an onsite audit/test of the operating process.
Assurance Levels
GDPR Fundamentals
To qualify for your GDPR Fundamentals Certificate you are required to provide evidence that you meet the GDPR Fundamentals Requirements. We have made this easy for you by providing a GDPR Fundamentals Questionnaire that asks the relevant questions, depending on your business size and what you process. You will need to attach some supporting items, such as screen grabs or policy notes, as evidence of compliance. On completing the questionnaire to our satisfaction you will be awarded your GDPR Fundamentals Certificate. Successful completion of the QG GDPR Management template* meets this requirement. Pick the questionnaire below that best suits your business profile.
GDPR Fundamentals Plus
You may be required to provide further assurance to your customers that you meet the requirements of the GDPR Fundamentals programme. This is called GDPR Fundamentals PLUS and involves a detailed audit of your management systems in addition to completion of the questionnaire.
Want help or more information?
We would love to hear from you if there is anything you are unsure about or if you would like to know more.
Call us on 01228 631681 or send us an email and we will be happy to help.