GDPR Analysis - Base and Plus

GDPR data audit.jpg

One challenge with the GDPR is that it is written into law without detailed guidance on the practical application of how to achieve & maintain compliance

GDPR comes without an overarching standard like with PCI DSS or pre-defined auditable process. As such businesses have to define current compliance levels and come to conclusions themselves about the best way to achieve compliance.

Bytes have developed their GDPR Base and GDPR Plus compliance analysis services with specialist data consultancy partner Risk-X to aid in this process. Our services enable businesses to gain a clear picture of how compliant they are and the strategies and processes they can adopt to improve that.

Key Elements of GDPR Baselining and Assessment

audit response_1.png

Baseline of Compliance

Understand current data accuracy, erasure, correction capacity and storage profile


Consent & Processing Documentation

Document current basis for processing & design consent collection method


Storage and Data Retention

Legal counsel on best basis of processing, storage and data retention



Definition & design of PII replacement solutions & pseudonymisation to minimise GDPR impact


Privacy Impact Assessments

Privacy certification (ISO 29100) and identification of necessary Privacy Impact Assessments


General Data Protection Base (GDP)

Designed in line with the international standard for the security of information – ISO27001, the premise of GDP Base is to identify what data you have and how you use it. Once you understand this a Privacy Information Management System (PIMS) will be created to manage this data.

On completing GDP Base you will have a workable Privacy Information Management System (PIMS) and be able to address the 12 key points the Information Commissioner’s Office (ICO) recommends UK businesses should focus on to ensure that they meet the new Regulation.


General Data Protection Plus (GDP+)

Extends work to the operational, physical, technical areas of your business, considering their implemented state. Consultants use ISO27001 (aligned with privacy frameworks) to review how your data is protected.

GDP+ will provide the following:

  • A statement of applicability of controls - showing what controls are required for the security of PII, and which you have in place
  • A risk-prioritised remediation plan for areas non-conformant to ISO27001

The GDP+ process looks at all areas of the business in scope for privacy information and provides a baseline of all controls in place with guidance to allow you to remediate any failures.


Want to know more about GDPR Analysis & Framework Services?

Simply fill in the enquiry form below and a Bytes GDPR specialist will be in touch shortly

Get a quote...

Email instead Call us