Our team provides a business-focused service to organisations of all types and sizes, at all ends of the GDPR-readiness spectrum.
What is the challenge?
The principles of the General Data Protection Regulation (GDPR) are enshrined in UK law, and failure to adhere to them can result in significant fines. Yet there is currently no concrete GDPR compliance process. At the moment it is advisable to use the organisational governance requirements of the Payment Card Industry Data Security Standard (PCI DSS) or ISO 27001, which provide a helpful framework. But it remains the responsibility of the organisation's Data Protection Officer (DPO) or Chief Information Security Officer (CISO) to ensure that the additional requirements of GDPR are built into their systems.
Who needs this service?
Few organisations have the in-house resource to manage the full ongoing requirements of GDPR. The exacting demands of the role make CISOs with specific GDPR expertise hard to find and expensive to employ. Most resident CISOs therefore benefit significantly from the added value, support and resource provided by industry experts with wider GDPR experience.
Many organisations require a higher level of support in fulfilling the CISO or DPO roles to meet the exacting requirements of GDPR. Engaging an industry-respected GDPR team will ensure that all appropriate steps are taken in a timely and cost-effective manner.
What solution does SRM’s GDPR service provide?
Our GDPR consultants are trained through a GCHQ-approved qualification and can advise and support on the strategic implementation of GDPR. SRM has operated in this environment for many years and can support organisations at any level, from strategic level C-Suite engagement to taking on the full DPO role if required.
SRM’s GDPR service benefits include:
- A personal point of contact within the GDPR team for each client.
- A pre-audit exercise and gap analysis.
- Remedial action plan and roadmap.
- A fully accredited forensics lab to assist in any investigation should a breach occur. We can also handle communications to relevant bodies, should the worst happen.
- Strategic board-level engagement (if required) to secure company-wide commitment to GDPR implementation and training.
- A wealth of experience in running exercises and working with policy makers to ensure that impact to the business is minimised.
At SRM we have developed VirtualCISO™ and VirtualISM™, fully bespoke services that provide as much or as little support as each individual company requires.