What should your company look for when hiring a GDPR consultant?
GDPR is a hot topic at the moment. With the regulation coming into effect in May 2018, almost any business that handles some form of personal data will have to review its data policies. If you are involved in running a business and are looking to hire a consultant to advise you, here are some of the pointers you should look out for.
When reviewing possible vendors to assist you with GDPR, ensure that this isn’t their first rodeo. With the hype and raised level of awareness around GDPR, there are a lot of companies entering the market with little previous knowledge of data protection. GDPR is an extension of standard data protection, and established firms with previous expertise will better understand the requirements of your business.
To help yourself stay compliant by finding a trusted partner, ask for proof of previous engagements, case studies or referrals to ensure they are experienced.
Legislative Knowledge of GDPR
When interviewing prospective partners, be sure to ask highly specific questions about individual components of the legislation. This will help separate the wheat from the chaff. Consultants who have studied the new laws in detail should be able to apply a suggested course of action to a theoretical scenario.
If the partner in question cannot give adequate replies to detailed queries, they are probably not the right fit.
Long Track Record
Look out for the new kids on the block. When it comes to GDPR, it’s best to play it safe and stick to experienced consultants who have both technical and legal understanding of the challenges of GDPR. If possible, ask for proof of data protection certification relevant to your country or region.
Ask whether the consultancy you are planning on partnering with has consulted with legal professionals when developing their approach and practices. If they are engaged with a legal team, it shows they have done their due diligence in ensuring they are providing suitable guidance.
They are also likely to be able to escalate particularly complex questions to their legal team, allowing them to get on with managing the technical implementation.
It is essential to ask how the consultancy is going to perform an audit or compliance service for your business. Those with well-established implementation patterns and detailed plans are more likely to give you peace of mind.
Consider asking for detailed documentation of their methodology. A consultancy that takes process seriously is more likely to complete work in a timely fashion and not miss any important details.
At the end of the day, if you don’t feel like you can trust a partner to give you adequate advice. Trust is an especially important factor when external contractors are likely to be providing some form of audit or review of your company’s private data.
Non-disclosure agreements are a necessity when allowing external third parties access to internal systems. Background checks may also be requested to ensure possible contractors have no previous record of fraud, and are well worth the time and effort if there are additional concerns over sensitive information.
A trusted partner should be dedicated to helping you manage your customers’, suppliers’ and staff’s data properly. They should be ethically tuned into the issue of data protection. They should make their utmost effort to provide advice and services that protect not just the company, but all the shareholders that entrust the firm with their data.
All the Best, C.