GDPR Related Services

Assessments & Audits

Do you know what you need to do to implement good personal data management? Through our assessment and audit programme we can help find the areas that need your attention and give advice on how to give them the care they need.

Training & key skills

Through our training model we can work with your employees or volunteers of any level to give them practical personal data management skills and knowledge, either remotely or in-house.

Specialist knowledge & support

Sometimes it helps just having a critical friend on hand to help out with advice and guidance. We can be there for you with advice, guidance and practical tips for taking care of the personal data you use.

Using our own tried and tested framework we can provide an assessment/audit of your current operations to determine what controls are effective and what are missing in order to control the personal data in your care effectively.

At the end of the assessment you will receive a simple, plain English report with risk ranking and advice on appropriate actions needed for the areas we find.

Please read on below for a summary of the framework we use with various clients and what we use as part of our audits/assessments.

As your ‘critical friend’ we can be on hand to support any of your needs, from quick-fire queries through to in-depth support for a project or initiative. We have several ways in which we support clients, a few of which are below. However, get in touch as we are happy to tailor to meet your needs.

  • Project Subject Matter Expert
  • X number of hours general support
  • 1:1 mentoring/support for in house role(s)
  • Incident support and guidance
  • Board/C-suite advice

Using our experience across various sectors and approaches to managing personal data we have a range of ‘template’ starting point policies and procedures. These are based around our framework outlined below and include;

  • Staff policies
  • Privacy notices
  • Information Rights and complaints procedures
  • Incident and breach handling procedures
  • Data Protection Impact Assessment
  • Records of Processing Activities (ROPA) register
  • Information Asset Register
  • Data Sharing Agreement
  • Data Processing Agreement
  • Information Risk templates
Please note, these are not templates that you can just deploy. Each template requires you to complete certain aspects to tailor it to your organisation. This can be done either yourself, or with our support if you select this as part of your service. Policies and procedures should never just be lifted and shifted into an organisation, otherwise they are not worth the paper they are written on. #JustaThought.

Through specific digital or in person workshops, we can work with you to agree the learning outcomes and structure to ensure staff are trained to various levels of Data Protection skills or awareness. Previous examples of the sorts of things we have run include;

  • employee awareness sessions
  • subject access request handling
  • incident handling & breach investigation
  • handling DPIAs & Data Protection risk
  • data sharing & police requests
  • managing consent, marketing and privacy notices
Get in touch below for a tailored quote based on your specifications.

We offer a remote Data Protection Officer (DPO) service.

Under the below headings we have outlined the various elements the DPO service consists of. Each element starts from an established framework and can be tailored to meet your specific needs.

As part of the service we will provide you with template policies and procedures that should be implemented as part of the terms of the service. We will run through all of the terms and service levels with you before we look to agree and start working with you.

To find out more information check out our remote DPO page.

Some of our clients

A large General Practice Social Enterprise:

As a large complex organisation with a number of practices to manage we were delighted to work with them on their GDPR implementation and general Information Governance practices.

A Financial Tech Company:

As a relatively young company we were fortunate enough to help them develop and embed good data protection and data governance requirements from the beginning of their journey.

A large district Council:

Working with this council we were able to deliver an innovative, informative and comprehensive training programme for all staff on GDPR, training over 500 employees at various levels.

A multinational pharmaceutical testing firm:

It was a pleasure to work with this organisation to provide in house operational support for 4 months supporting projects, recruitment for a permanent post and general day to day operations.

A Mental & Physical Health Community Charity:

Working with this charity we have supported their implementation of GDPR, remote working and Microsoft 365.

Managing Data Protection requirements

Our framework and approach

Third Parties

How are third parties managed? Are standard contractual terms in place? How are information requests handled and information exchanged between organisations fairly, lawfully and securely?

Governance

Policies, procedures, roles and key governance processes to oversee and support the framework.

Assurance

Audit, assessments, checklists and documentation needed to demonstrate accountability.

Records

How are records managed from creation to use and destruction/archive? Is records and information management embedded into the organisation?

Risk

From identification, assessment, mitigation and acceptance we look at the lifecycle of data protection related risk.

Rights

Procedures and templates for managing rights requests. This also includes issues hampering rights request handling and best practice.

Security

What controls are in place around Cyber Security and wider information security? Do these 'talk' to each other? Is Cyber Security / Technical Security part of the Data Protection Governance framework?

Culture

Do staff fear or blame data protection? Do they know who to speak to? Can they answer basic questions or is Data Protection still a 'thing' to be blamed?

Get in touch

Pssst!

We’ll only use this data to liaise with you about your query. Once we’re working together, it will form part of your arrangement with us.

Phone: + 44 7970 317446
Email: info@lighthouseig.com
MON-FRI 09:00 - 19:00 SAT-SUN CLOSED