
SRM Solutions

GDPR

Our team provides a business-focused service to organisations of all types and sizes, wherever they sit on the GDPR-readiness spectrum.

What is the challenge?

The principles of the General Data Protection Regulation (GDPR) are enshrined in UK law, and failure to adhere to them can result in significant fines. Yet there is currently no formal GDPR certification scheme or prescribed compliance process. For now, the organisational governance requirements of the Payment Card Industry Data Security Standard (PCI DSS) or ISO 27001 provide a helpful framework on which to build. It remains the responsibility of the organisation's Data Protection Officer (DPO) or Chief Information Security Officer (CISO) to ensure that the additional requirements of GDPR, which those standards do not cover, are built into their systems and processes.

Who needs this service?

Few organisations have the in-house resource to manage the full, ongoing requirements of GDPR. The demands of the role are exacting, which makes CISOs with specific GDPR expertise hard to find and expensive to employ. Most resident CISOs therefore benefit significantly from the added support and resource of industry experts with wider GDPR experience.

Many organisations need a higher level of support to fulfil the CISO or DPO role and meet the exacting requirements of GDPR. Engaging an industry-respected GDPR team helps ensure that all appropriate steps are taken in a timely and cost-effective manner.

What solution does SRM’s GDPR service provide?

Our GDPR consultants are trained through a GCHQ-approved qualification and can advise on and support the strategic implementation of GDPR. SRM has operated in this environment for many years and can support organisations at any level, from C-suite strategic engagement to taking on the full DPO role if required.

SRM’s GDPR service benefits include:

  • A personal point of contact within the GDPR team for each client.
  • A pre-audit exercise and gap analysis.
  • Remedial action plan and roadmap.
  • A fully accredited forensics lab to assist in any investigation should a breach occur. We can also handle communications with the relevant bodies, including the notification to the Information Commissioner's Office that GDPR requires within 72 hours of becoming aware of a reportable breach.
  • Strategic board-level engagement (if required) to secure company-wide commitment to GDPR implementation and training.
  • A wealth of experience in running exercises and working with policy makers to ensure that the impact on the business is minimised.

Associated services

VirtualCISO™/VirtualISM™

At SRM we have developed VirtualCISO™ and VirtualISM™, fully bespoke services that provide as much or as little support as each individual company requires.

PCI DSS

The SRM PCI DSS compliance team includes leading Qualified Security Assessors (QSAs) who use their wealth of experience to help organisations at all levels understand not only how to comply but also how to reduce the cost of doing so.

Cyber Essentials

The SRM team is experienced in all aspects of Cyber Essentials certification. We can do as much or as little as is required.

ISO 27001

SRM guides you through the entire ISO 27001 certification process, helping you to continually review and refine the way you handle information security, not just for the present but for the future.
