GDPR Consultancy Services & SME Advice
The ambulance service engaged us to be their operational GDPR Subject Matter Experts (SME).
Using the ICO’s 12 Steps to Compliance as a framework, we developed globalised, organisation specific policy packages and evidence requirements.
We delivered tailored training, engaged stakeholders by providing briefings and practical materials (such as Data Subjects’ Fundamental Rights to… decision trees), giving key stakeholders updates on the project plan and information pertaining to ongoing risk-based analysis.
We have delivered the following for the ambulance service:
- Full suite of policies, plans and templates, including
- Data Privacy Impact Assessments;
- Data Security;
- 3rd party Contract Management; and,
- Consent Management/ Review.
- Daily policy clarifications, Q&As, support or delivery managers.
- Development of a business case and plan (including changing implementation demands pre and post May 2018).
- Development of and leadership of regulatory and internal governance processes.
- The development of a future target operating model for data management.
After our successful GDPR compliance project delivery, our client engaged us for a further 12 months to provide outsourced Data Protection Officer services. Our client saw significant value for money compared with a full-time member of staff onsite with similar skills to our SME. We are able to offer such value for money by providing only 1-2 days onsite per month whilst providing 24/7 virtual DPO services via our DPAS office. We field all enquiries to relevant, experienced DPOs within our team.
The services we offer to our clients are as follows:
- Named Data Protection Officer with 20 years’ experience;
- Named Deputy Data Protection Officer;
- 24/7 data breach hotline;
- SME advice daily;
- 48-hour clarifications log process (for internal enquiries);
- Advice on and sign off of DPIAs and data subject rights;
- Ongoing monitoring of compliance to data protection laws relevant to the Industry;
- Raising awareness of data protection within the Organisations via monthly staff bulletins;
- Yearly Data Protection Audit;
- Cooperation with the ICO on behalf of the Organisation;
- Access to full suite of template policies;
- 1 Staff Training Day for Managers – CPD accredited foundation GDPR course.
Our client processes extremely high quantities of data, including special category data and are subject to extensive regulatory review.