GRC International Group has launched GRCI Law – a new arm of the organisation designed to support organisations in all aspects of GDPR compliance and breach reporting.
The introduction of the General Data Protection Regulation (GDPR) over six months ago marked a significant increase in responsibility and risk for all organisations that process personal data. However, despite the potential impact of the regulation, there remains a significant amount of confusion regarding aspects of compliance and reporting that companies of all sizes continue to grapple with.
From understanding the processes involved in breach reporting, to the implementation of an appropriate incident response plan, the reality is that for those businesses with little or no legal background, the complex elements around GDPR documentation and reporting are exceptionally challenging.
GRC International Group established GRCI Law to provide a GDPR Data Breach Support service, designed to support organisations in meeting their GDPR compliance requirements. The service includes helping businesses to take the necessary steps in meeting the 72-hour incident reporting deadline, as well as managing the entire process involved – including liaising with the Information Commissioner’s Office (ICO) to ensure the information submitted is concise and sufficient.
As part of the service, GRCI Law is working with companies to identify and analyse the extent of any data security incident; who has been affected, how extensive the breach is and how it happened. Furthermore, GRCI Law’s team of experts can assess whether the breach is likely to adversely affect individuals’ rights and freedoms and if so, ensures that the correct information is escalated to the affected individuals. Unlike traditional law firms, the service costs are transparent from the start – either as an emergency response package or retainer agreement – so companies don’t need to be concerned about spiralling fees.
Ryan Mackie, Managing Executive, GRCI Law, comments: “A number of GRC International’s clients were reporting issues dealing with personal data breaches as they often did not have the resources or experience to effectively monitor, manage and report these incidents, especially within the time specified by GDPR.
“As a result, GRCI Law has been set up as an independent entity, comprising of a team of qualified data privacy lawyers with Data Protection Officer (DPO) experience, as well as cyber and information security expertise, who are providing guidance to organisations on the more complex aspects of the regulations.
“With our expertise, resources and knowledge, we are helping businesses to rapidly respond to a data breach in line with GDPR, alleviating the hassle and pressure that comes with companies attempting to navigate this complex process themselves.”