An Easier Way to Ensure Data Protection Compliance
Let us help you navigate the complex and challenging world of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). These data protection regulations are complicated and it can be difficult to know if your company is doing everything it needs to fulfil its data protection obligations. For example, many organisations don’t realise they hold ‘Personally Identifiable Information’, or even understand how and why they’ve been quietly accumulating it. With fines of up to €20 million for failures to protect information, it is imperative to ensure that your organisation is in compliance and equipped to deal with any data protection issue that may arise.
This is where we can help.
With decades of experience and an enviable track record in the IT Governance and Compliance field, our specialists can provide expert advice and solutions for data privacy and protection. Whether you need help with a particular aspect of the regulations or an all-inclusive service, we can deliver a cost-effective approach to provide the expertise and solutions you need.
Our Process
Data mapping
- Review and audit data flows and perform a mapping exercise
- Establish the ownership of data held by the organisation
- Create a data inventory in order to develop a data protection program
Legality and consent
- Provide consent guidance and preparation for scrutiny
- Consent issuance support
- Assistance to demonstrate compliance with the principles of good data processing practices
Data storage and retrieval
- Help to provide a framework to organise data in line with requests from data subjects
- Guidance to implement technical controls to help ensure data is updated and/or removed in a way which is compliant with GDPR requirements
Data Privacy Impact Assessment
- Establish the circumstances under which a DPIA becomes a necessity for various organisational processes
- Define the specifics and detail of a DPIA, based on the organisation’s operations
- Plan, train or manage staff to perform Data Privacy Impact Assessments
Organisational structure
- Guidance on a DPO (Data Protection Officer) requirement for the organisation
- Recruitment support for a DPO requirement, or staff augmentation for the role
- Help establish and reinforce Board level support for GDPR updates
- Establish a relationship with the relevant Supervisory Authority for the country of operation
Breach & security response
- Review and audit the organisation’s data flows and perform data mapping
- Educate key stakeholders and carry out planning based on GDPR and Data Protection Act breach reporting requirements
- Reinforce and lead or support testing, to help ensure that the organisation’s reporting capabilities remain appropriate
Securing the supply chain
- Formally document all relevant third parties handling PII
- Audit and define the requirements for suppliers as per GDPR
- Advice to amend contracts as required to ensure compliance
Securing PII
- Establish actions to secure the PII held or processed within the organisation
- Provide support with technical infrastructure
- Provide guidance on achieving ISO27001 certification