D2 Legal Technology, a legal data consultancy, has launched a new solution and remediation service to help U.K. businesses achieve compliance with the EU General Data Protection Regulation and put in place data governance best practices.

Many companies, however, don't expect to be in compliance by the May 25, 2018 deadline, exposing significant business risk. Yet, companies are also missing out on the opportunity to lawfully unlock the value they can derive from the personal information they hold.

As Compliance Week has reported, by introducing the concept of ‘pseudonymised’ data, the GDPR encourages organizations to manage data properly, to ensure the individual pieces of data related to an individual are stored and processed separately. “Taking this approach both safeguards individuals’ data and enables an organization to explore that information for legitimate business use,” said Akber Datoo, managing partner at D2 Legal Technology.

“The challenge—and opportunity—for organizations is to undertake a complete and robust assessment of existing data resources: What data is held? Where is it located? Who has access? What is it being used for? What is the basis on which the data is being held and used and is there the necessary consent? It is only once this extensive data map has been created that organizations can begin to determine the way forward.”

D2LT’s GDPR Impact Assessment & Remediation Service comprises a current state assessment of the personal data held by a business, including the categories held, where and how it is stored, and the relevant data flows, creating a personal data asset inventory detailing this information. It also includes a gap analysis on a company’s existing policies, procedures and contractual arrangements, including an assessment of any contractual relationships with third-party service providers. The output of the service is a summary report, which contains a GDPR gap analysis against current state, remedial recommendations and a high-level roadmap to meet the GDPR timelines.