Data Protection Consultancy Services & Data Protection Officer Support
A district council engaged us to be their operational GDPR Subject Matter Experts (SME) and wanted us to work with them to ensure they were compliant with the GDPR before May 2018. Our client processes extremely high quantities of data, including special category data, and is subject to extensive regulatory review.
The council had made small steps towards compliance, but the data protection governance arrangements and the project needed a complete overhaul to ensure they’d reach a good level of compliance before May 2018.
We helped the council to implement a new governance structure, ensuring that each department had a data champion. The data champions were overseen by the data guardians, who were in turn overseen by us as their outsourced data protection officer. We provided training for all staff across the council, including CPD accredited foundation courses for those with a higher level of responsibility with regard to data processing.
Using the ICO’s 12 Steps to Compliance as a framework, we developed globalised, organisation-specific policy packages and evidence requirements. We delivered tailored training and engaged stakeholders by providing briefings and practical materials (such as Data Subjects’ Fundamental Rights to… decision trees), giving key stakeholders updates on the project plan and information pertaining to ongoing risk-based analysis.
We provided the council with a GDPR Subject Matter Expert who spent 4 days a week onsite, a GDPR project manager and a Data Protection Officer.
As the first step of the project, our subject matter expert assisted the individual teams in completing a full Record of Processing Activities to ensure compliance with Article 30.
We delivered the following for the council over the course of the project:
- A record of processing activities for each department within the council.
- Full suite of policies, plans and templates, including:
  - Data Privacy Impact Assessments;
  - Information Security;
  - 3rd party Contract Management; and,
  - Consent Management/Review.
- Daily policy clarifications, Q&As, support or delivery managers.
- Development of a business case and plan (including changing implementation demands pre and post May 2018).
- Development of and leadership of regulatory and internal governance processes.
- The development of a future target operating model for data management.
After our successful GDPR compliance project delivery, our client engaged us for a further 12 months to provide outsourced Data Protection Officer services.
Our client saw significant value for money compared with a full-time member of staff onsite with similar skills to our SME. We are able to offer such value for money by providing only 1-2 days onsite per month whilst providing 24/7 virtual DPO services via our DPAS office.
Our team is able to field enquiries to relevant, experienced DPOs within our team.
The services we offer to our client are as follows:
- Named Data Protection Officer with 20 years’ experience;
- Named Deputy Data Protection Officer;
- 24/7 data breach hotline;
- SME advice daily;
- 48-hour clarifications log process (for internal enquiries);
- Advice on and sign off of DPIAs and data subject rights;
- Ongoing monitoring of compliance to data protection laws relevant to the Industry;
- Raising awareness of data protection within the Organisations via monthly staff bulletins;
- Yearly Data Protection Audit;
- Cooperation with the ICO on behalf of the Organisation;
- Access to full suite of template policies;
- 1 Staff Training Day for Managers – CPD accredited foundation GDPR course.