5 DATA PROTECTION AND INFORMATION SECURITY AUDITS
DPAS were asked to help our client understand how they can improve their compliance with the relevant data protection legislation. The goal of the project was to analyse the current compliance position, and provide recommendations as to how to improve their compliance across the partnerships. DPAS conducted a thorough audit assessment, providing a high-level overview, alongside detailed supporting reports, to provide the client with a full evaluation of the existing compliance, current risks, remedial work required and areas for improvement.
SURVEILLANCE COMPLIANCE PROJECT
Our client is the borough council of a thriving town with millions of visitors a year and a population of over 150,000 people. Over the years, surveillance camera systems have been installed in multiple sites across the borough. Our client was concerned about the compliance of their surveillance systems and as such was seeking external support to assess current practices regarding surveillance and remediate any risks highlighted throughout the project.
SUBJECT ACCESS REQUESTS REDACTION, INTERIM DATA PROTECTION MANAGER, OUTSOURCED DATA PROTECTION OFFICER.
DPAS has been working with an ambulance service since 2017 providing a variety of services to ensure they are compliant with Data Protection legislation. Some of the services include preparing them for GDPR implementation in 2018 which included audit, policy development, embedding new processing, staff training and more. Since then, we have supported them through interim management support, subject access requests processing and redaction, staff training, and outsourced Data Protection Officer and Manager services.
DATA PROTECTION CONSULTANCY SERVICES
Following an external review of data protection in their organisation, we were approached by a high-profile retailer to implement a compliance project. We worked with the client to design and embed a suite of data protection and information security policies, complete accountability documentation as dictated within the GDPR, created new processes in-house and designed a training programme for the organisation.
DATA PROTECTION CONSULTANCY SERVICES SPECIFIC TO CCTV
We were approached by the Council to provide a gap analysis on their CCTV and Surveillance handling across the Borough. We completed the gap analysis and highlighted the current risks within each site that is processing CCTV, ANPR and Body Warn Video.
Risks included the completion of DPIAs, supplier assessments, data sharing and data processing agreements, signage, policy review and remedial advice.
GDPR CONSULTANCY SERVICES
A district council engaged us to be their operational GDPR Subject Matter Experts (SME) and wanted us to work with them to ensure they were compliant with Data Protection Law. Our client processes extremely high quantities of data, including special category data and are subject to extensive regulatory review.
The council had made small steps towards compliance, but the data protection governance arrangements and the project needed a complete overhaul to ensure they’d reach a good level of compliance before May 2018.
DATA INCIDENT AND BREACHES ROOT CAUSE ANALYSIS PROJECT
Our client is one of the largest local authorities in England processing high volumes of personal data including special category data.
We were approached by the Council to provide an in-depth analysis of their data incidents over the past 2 years. They wanted to understand why their incidents had increased over the past 2 years and what they can put in place to prevent incidents from happening in the future.