DATA PROTECTION CONSULTANCY SERVICES
DATA PROTECTION CONSULTANCY SERVICES
We provide organisations with a variety of consultancy services. These can include everything from one bespoke privacy notice, to a full data protection service. Our varied client base includes micro businesses, to worldwide organisations turning over billions.
As a business it’s important that you protect and respect the personal data that you collect, and most importantly it must be handled in line with the current legislation. Customer trust is at the forefront of many businesses, and showing them that you value their data and will do your upmost to protect it is key to maintaining that trust.
We have delivered many GDPR compliance projects. Our clients include ambulance service, large retailers, cinema chains, local authorities, and schools, among others.
Our experts are ready to deliver your project. We have qualified lawyers, GDPR practitioners, information security experts, qualified trainers, and business analysts ready to help.
PEACE OF MIND
Outsourcing this data protection service ensures your confidence that no stone will be left unturned. Our expert team are always here to help.
HERE WHEN YOU NEED US
You will have a dedicated project manager updating you every step of the way and providing you with weekly progress reports.
Every organisation’s data protection package will be different and based upon its needs, priorities, and information governance maturity levels.
We often suggest a governance model which enables clearer areas of responsibility, accountability and engagement across all levels of the business.
Using this model, we can provide a full suite of policies, plans and templates, including (but not limited to):
Internal and External privacy notices
This means that you can meet your transparency obligations under Articles 5, 12, 13, and 14 of GDPR. Typically, we encourage organisations (size dependant) to have between 2 and 3 privacy notices. These are for external users (i.e. customers, clients, service users), internal users (i.e. staff, contractors, temps etc.) and job applicants.
Data Incident and Breach Management Policies and Procedures
This means that any breaches or potential incidents involving personal data are escalated quickly, efficiently and with the correct information. From there the right people can action the policy so as to meet the statutory reporting timeframes, stop the breach, and address it so as to minimise potential harm to data subjects.
Marketing and Electronic Communication Policy
In a world where people are bombarded by electronic messaging (from digital marketing to emails in the office) there are a number of regulatory requirements. These requirements can in places be contradictory and outdated due to technological developments. DPAS will work with you to make sure you have a policy which means you only market where it is lawful to do so, and with the correct permissions in place.
Subject Access Requests and Individual Rights letters, templates, guidance and policy
GDPR introduces tighter timeframes and stringent validation criteria when responding to Subject Access Requests or other requests such as erasure and portability. It can be time consuming and confusing, with a number of exceptions being available. This policy when implemented successfully addresses these concerns.
Data Protection Impact Assessment Policy and Template
Data Protection Impact Assessments are statutorily required to be undertaken where processing is likely to result in a high risk to individuals (and other areas). This is a simple solution to an important area of compliance.
Retention Policy and Schedules
In an era of business where organisations are constantly bombarded by data, it is important to have clear retention policies and schedules so that you do not keep data longer than necessary. This policy helps to provide structure and encourages a way of thinking whereby data is not just seen as an asset, but also as a liability.
CCTV Audit and Gap Analysis
If you are using CCTV across your organisation, you must adhere to the Surveillance Camera Commissioner’s Code of Practice and the GDPR. We can perform an audit of your CCTV processing, provide risk assessment, gap analysis and reports. We can map data flows for you and create bespoke policies relating to CCTV for your organisation.
We can create your record of processing activities in line with Article 30 of the GDPR, and also complete a data map so you are sure where the data flows in and out of the business.
We can carry out Data Protection Impact Assessments (DPIA) for new systems that you may be thinking of precuring. We will do a thorough DPIA, risk assessment and report and provide you with DPO advice.