Professional Documents
Culture Documents
COMPLIANCE
CONSULTING
Email: info@westbrook.co.uk
Phone: +44 20 7096 2480
Website: westbrook.co.uk
Preparing for GDPR
Ensuring your Organisation is Compliant in 2018
Non-compliance with GDPR risks strict penalties - We conduct a detailed review your system from a
with the maximum penalty at €20 million or 4% of technical and user perspective, highlighting areas
a company’s annual global revenue, whichever is where privacy controls can be improved.
greater. This means that while the legislation doesn’t
come into force until 25 May 2018, it is important to Our Consultants focus on five key areas to ensure
prepare now for the transition. compliance;
The legislation expands the responsibility for data to • Identifying where customer data is held
include everyone who handles it - from the database • Identifying where data is captured
administrator, down to the company hosting the • Reviewing data accessibility & usage
database. This means if you are a Salesforce or • Complying with customers’ data requests
Cloud CRM user, both you and your provider are • Evaluating data security
both responsible for compliance with GDPR.
Contact Westbrook
T: +44 20 7096 2480
2 E: info@
PAGE
Key GDPR Focus Areas
Understanding how GDPR will affect your business
PAGE 3
7 Day GDPR Compliance Audit
Building the Foundations of a privacy focused system
Beginning with a kick-off meeting, your lead consultant will work with you to map out the scope of the GDPR
Audit, the privacy measures you already have in place, and any key concerns that may apply to your organisation’s
data.
*
The 1 Day estimate assumes our team are working exclusively within a single instance of the Sales Cloud. If your
system architecture is significantly more complex, additional time will be required.
Our consultants document where data is created across prospects, contacts, accounts and person accounts,
mapping it to a Manual or Automated input source. This includes data created by your company connected to a
customer, just as activity tracking, profiling information, lists and campaigns.
*Our consultants document what data is visible to each of your users. The 1 Day estimate assumes a Salesforce
instance with 15-20 Custom Objects and 2-3 user profiles. If your permissions structure is significantly more
complex, additional time will be required.
Contact Westbrook
W:
4 T:
PAGE +44 20 7096 2480
E: info@westbrook.co.uk
STEP 5: COMPLYING WITH CUSTOMERS’ DATA REQUESTS
• Review of Customer Contact Processes and Logs
Our consultants document how customer requests are managed, how an audit trail for customer requests is
created and how GDPR compliance can be reported on.
Our consultants review the personal data held within your system and identify areas where data security can be
improved. Our team evaluate where personal data can be accessed for business functions that do not require
direct identification, and whether anonymisation would impact their business function. We also identify all users
with the capability to export personal information from your CRM system.
• Documentation of Findings
1 ½ Day
• Feedback & Review of Findings
We compile our findings into a report that documents your current state solution and its compliance with GDPR
regulation, including areas for attention and suggestions for improvement. To conclude the project we provide
feedback on our report with your project stakeholders.
PAGE 5
Extending Your GDPR Audit
Building Compliance into your Salesforce Systems
Contact Westbrook
:
6 T:
PAGE +44 20 7096 2480
E: info@