How we can help
We can work with you to develop a suitable framework to comply with the GDPR's provisions including:
Recognising that implementing the GDPR could have significant resource implications, Sungard AS can help develop awareness campaigns, as well as prepare and deliver training and awareness materials such as the Sungard AS GDPR Masterclass©.
Data Protection by Design & Data Protection by Default
Under the GDPR, organisations have a general obligation to implement technical and organisational measures to show that they have integrated data protection into processing activities. In GDPR terminology this is known as data protection by design and by default. Sungard AS can review and improve your organisation's processes.
Conducting Data Protection Impact Assessments (DPIA)
Our GDPR-compliant DPIA tool, which can be run in French and English, is an efficient way for companies to identify how best to comply with data protection obligations and meet individuals' expectations of privacy. It allows different business teams to identify and fix problems at an early stage, reducing the associated costs and damage to reputation which might otherwise occur.
(Note: Despite the similarity between their names, the newly-defined Data Protection Impact Assessment (DPIA) is not the same as the more well-established Privacy Impact Assessment)
Personal Data Breaches Management
Companies should have procedures in place to detect, report and investigate a personal data breach. The GDPR introduces a duty on all organisations to report certain types of data breach to the Supervisory Authority and, in some cases, to the individuals.
Sungard AS has an unsurpassed global reputation for helping organisations to improve their crisis management capabilities with services including simulations and exercises. We can advise you on developing your response to a breach.
Perhaps one of the biggest changes brought in by GDPR is moving from implicit to explicit, purpose-bound consent, which must be “freely given, specific, informed and unambiguous”. This means organisations need to be clear what they intend to use an individual's personal details for, and make that purpose clear. We can guide you on the ramifications you need to consider in light of this clause.
Lead Supervisory Authority
Companies that have processing activities in several countries will typically fall under the jurisdiction of multiple supervisory authorities. We can help controllers understand how the GDPR applies to their processing activities in the different national contexts across the EU.
International Transfers of Personal Data
If personal data needs to be transferred, adequate safeguards must be in place. Sungard AS can advise on the best mechanisms to perform personal data transfers lawfully.
For years, certification marks and seals have served as a mark of trust for consumers, showing the organisation adheres to certain principles. Sungard AS can help companies attain the relevant Privacy Seal.
Reasons to choose Sungard AS
- Comprehensive proprietary methodology based on:
- The GDPR itself and the available regulatory guidance
- BS10012: 2017 – Data protection (Specification for a personal information management system)
- BS ISO/IEC 29134:2017 – Guidelines for privacy impact assessment
- ISO/IEC 27001 – Information Security Management
- DPA 1998 and PECR
- WP29 – Article 29 Working Party (European Commission) guidance
- We follow the Plan-Do-Check-Act (PDCA) model used in ISO/IEC 27001 as our structure for developing and delivering assignments as the four-step process supports continuous improvement.
- Expertise and experience – Our GDPR-certified data governance and data protection consultants are all highly experienced. Sungard AS is a corporate member of the International Association of Privacy Professionals (IAPP), which has appointed one of our consultants a Fellow of Privacy.
- Comprehensive range of services spanning the data protection spectrum – These can be tailored to your organisation's needs and strategy and include:
- High level GDPR gap assessment
- Data protection programme management
- Coaching for data protection officers and data protection programme managers
- Advisory services covering:
- Data protection governance and policy
- Subject Access Request (SAR) management
- Data subject rights
- Lawful pathways for processing personal data
- Policies, plans and procedures (including website cookies and privacy statements).
GDPR presents opportunities for companies that manage their data well to grow and exploit new markets, build a more sustainable bottom line and gain an enhanced reputation in the marketplace. But, with sanctions coming into force in May, the clock is ticking.
For more information about GDPR support from Sungard AS, please contact us.