We will map the personal data in your Organisation or Legal Practice
The vast majority of organisations have not adequately mapped all of their personal data.
As such, they are non-compliant with Article 30 the GDPR. (There's an excerpt from Article 30 at the bottom of this page.)
Irrespective of the size of your organisation: You must know precisely what personal data you hold or process, why you are processing it, who has access to it, how long you’re going to keep it, and what measures you have in place to protect it.
Your time is precious.
Dozens of legal Practices have saved themselves a lot of time by instructing us to map their data for them, on a fixed fee basis.
We have provided them with a new Information Asset Register similar to the one shown on this page.
So, just how big is this? What personal data might a small ‘typical’ high street legal Practice process?
In fact, the scale of the challenge (and for many, the non-compliance) is huge; as is the risk.
The Information Asset Register below records the personal data, in a manner compliant with Article 30 of the GDPR, of a small legal Practice.
For such a complex task, PDA makes the process remarkably simple
Article 30 of the GDPR makes clear as to the requirements of all organisations that hold personal data:
“Each controller and, were applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility. That record shall contain all of the following information…
b) the purposes of the processing;
c) a description of the categories of data subjects and of the categories of personal data;
d) the categories of recipients to whom the personal data have been or will be disclosed including recipients in third countries or international organisations;
f) where possible, the envisaged time limits for erasure of the different categories of data;
g) where possible, a general description of the technical and organisational security measures…”