GDPR Related Services
Using our own tried and tested framework we can provide an assessment/audit of your current operations to determine what controls are effective and what are missing in order to control the personal data in your care effectively.
Please read on below for a summary of the framework we use with various clients and what we use as part of our audits/assessments.
As your ‘critical friend’ we can be on hand to support any of your needs, from quick-fire queries through to in-depth support for a project or initiative. We have several ways in which we support clients, a few of which are below. However, get in touch as we are happy to tailor to meet your needs.
- Project Subject Matter Expert
- X number of hours general support
- 1:1 mentoring/support for in house role(s)
- Incident support and guidance
- Board/C-suite advice
Using our experience across various sectors and approaches to managing personal data we have a range of ‘template’ starting point policies and procedures. These are based around our framework outlined below and include;
- Staff policies
- Privacy notices
- Information Rights and complaints procedures
- Incident and breach handling procedures
- Data Protection Impact Assessment
- Records of Processing Activities (ROPA) register
- Information Asset Register
- Data Sharing Agreement
- Data Processing Agreement
- Information Risk templates
Through specific digital or in person workshops, we can work with you to agree the learning outcomes and structure to ensure staff are trained to various levels of Data Protection skills or awareness. Previous examples of the sorts of things we have run include;
- employee awareness sessions
- subject access request handling
- incident handling & breach investigation
- handling DPIAs & Data Protection risk
- data sharing & police requests
- managing consent, marketing and privacy notices
We offer a remote Data Protection Officer (DPO) service.
Under the below headings we have outlined the various elements the DPO service consists of. Each element starts from an established framework and can be tailored to meet your specific needs.
As part of the service we will provide you with template policies and procedures that should be implemented as part of the terms of the service. We will run through all of the terms and service levels with you before we look to agree and start working with you.
To find out more information check out our remote DPO page.
Some of our clients
A large General Practice Social Enterprise:
As a large complex organisation with a number of practices to manage we were delighted to work with them on their GDPR implementation and general Information Governance practices.
A Financial Tech Company:
As a relatively young company we were fortunate enough to help them develop and embed good data protection and data governance requirements from the beginning of their journey.
A large district Council:
Working with this council we were able to deliver an innovative, informative and comprehensive training programme for all staff on GDPR, training over 500 employees at various levels.
A multinational pharmaceutical testing firm:
It was a pleasure to work with this organisation to provide in house operational support for 4 months supporting projects, recruitment for a permanent post and general day to day operations.
A Mental & Physical Health Community Charity:
Working with this charity we have supported their implementation of GDPR, remote working and Microsoft 365.
Managing Data Protection requirements
Our framework and approach
How are third parties managed? Are standard contractual terms in place? How are information requests handled and information exchanged between organisations fairly, lawfully and securely?
Policies, procedures, roles and key governance processes to oversee and support the framework.
Audit, assessments, checklists and documentation needed to demonstrate accountability.
How are records managed from creation to use and destruction/archive? Is records and information management embedded into the organisation?
From identification and assessment through to mitigation and acceptance, we look at the lifecycle of data protection related risk.
Procedures and templates for managing rights requests. This also includes issues hampering rights request handling and best practice.
What controls are in place around Cyber Security and wider information security? Do these 'talk' to each other? Is Cyber Security / Technical Security part of the Data Protection Governance framework?
Do staff fear or blame data protection? Do they know who to speak to? Can they answer basic questions or is Data Protection still a 'thing' to be blamed?
What our clients say