We can provide the following data privacy and protection services depending on your state of readiness:
Readiness Review – this is interview based and covers the GDPR essentials and the context of your organisation. We also set out the estimated timescales and resources required, scope, next steps in the form of a programme plan and important milestones. This is useful for organisations that are starting out on the road to compliance or for organisations that are carrying out due diligence. It flags key issues of concern.
Data Implementation/remediation programme – the information provided from the Data and Purpose Review will determine the steps needed to comply with the GDPR. Questions that will be addressed include: is the processing of personal data fair and lawful? Have the 8 data protection principles been applied correctly to the processing of the personal data? Is there a lawful basis for the processing of the data? Is there a lawful data transfer mechanism in place? Depending on the answers given, solutions will be provided.
GDPR Data Subject Rights review and remediation. The underlying objective of the GDPR is to protect and enforce data subject rights. As a culture these rights should be embedded in the procedures and processes of organisations when processing personal data. It is vital therefore to understand how these rights impact on and work with your business model so as to avoid any future negative impact on your business.
Data and Purpose Review – this is a detailed discovery exercise to find out the state of play as regards the GDPR compliance of your organisation. The information provided from this review will determine your organisation's lawful basis (if any) for processing personal data and the steps required to implement full GDPR compliance.
It is an in-depth review of your organisation’s personal data landscape (or data mapping) which is used as the basis to implement your data implementation/remediation programme.
Review areas include: the legal basis for processing; the types of personal data processed (including special classes of personal data); the purpose of processing this personal data; where the personal data is processed and stored; the technical and organisational security measures in place; retention periods for the personal data; transfers of personal data to third parties and to countries outside the EEA, and the contracts that govern these transfers; and automated decision making.
GDPR Notifications (notices) review and remediation. This is outward facing to the data subjects. Identifying, correcting and understanding how to implement correctly the notices for data subjects to ensure transparency and accountability.
GDPR teaching and learning – in house.
We provide all new clients with a free initial consultation which includes a Readiness Review. There is no obligation to continue with our services after this initial free consultation. To get in contact with us for more information or to book your free confidential consultation please click here.
Our company can also provide an individual data privacy and protection service in the following areas to ensure GDPR, Data Protection Act 2018 and ePrivacy Directive compliance:
- Data Privacy Impact Assessment
- Policy and Procedures Review and Implementation
- Website and App review and implementation for Privacy Compliance
- Data Retention Review and Implementation
- Rights Workflow: this would include subject access requests, data portability requests, objections to processing of data, requests for rectification of data, requests for erasure/right to be forgotten, refusal to deal with requests, right to review of decision
- Breach Response Review and Implementation
- Review of outsourcing of the processing of personal data and third party providers including contract review
- Employer/employee related issues including review of all data protection related policies and procedures including employee contracts
- Review of organisational terms and conditions and terms of service
- Review of marketing procedures and databases (CRM, email, payroll etc.)
- Organisation training and awareness briefings
- Personal data compliance and audit
- Information asset register
- Review of whether DPO required
- Sector specific advice for SMEs, Charities and the Educational sector
Due to the wide scope of the privacy regulations (in particular the GDPR), clients quite rightly want visibility as regards the cost of any proposed service. We are happy to provide an up-front fixed cost for work to be undertaken, as well as fixed-price quotations for certain work packages based on your organisation’s needs. This provides visibility and comfort before entering into any agreement with us.