We understand that every business is different. That is why we also offer bespoke GDPR services tailored to you.
Some clients want to utilise our IT knowledge to audit third-party processors, while others just want a GAP Analysis.
Our services include the following core elements:
This crucial stage delivers a deep understanding of your data environment and the privacy culture of your organisation.
GAP Analysis – To discover what steps you need to undertake to achieve expected compliance levels, you need to carry out an initial GAP analysis. This involves assembling a team of key stakeholders and then forming a high-level picture of your organisation's current environment against the expected standards of compliance principles. We guide you through the process and deliver a comprehensive compliance report and business case.
Project Planning – Once you understand the gaps in your Data Privacy environment, you can put in place a pragmatic plan, which balances your appetite for risk, budget and available resources across the seven key areas of data governance. This crucial planning stage enables you to set priorities for each stage of your implementation and management journey.
Data Mapping – To achieve a privacy environment you need to understand what data you have, where the data came from, where that data is stored and who has access to it. By carrying out data and process mapping, you will gain the insight needed to make the critical decisions regarding collection, storage, retention and access.
Data Privacy Impact Assessments (DPIA) – Mitigate risk and ensure your organisation develops “Privacy by Design” by running DPIAs. These should be carried out where personal data is at high risk or when changes to your environment are made. By evaluating the measures, safeguards and mechanisms of your systems and making necessary changes before processing personal data, you can significantly lower risk.
This stage takes the information gathered and delivers on the cohesive plan and agreed actions so that you can take your organisation on its data privacy and security journey.
Framework implementation – You have the plan but how do you implement it with limited resources? Working across the business, our implementation services take away the pain by delivering agreed outcomes. This valuable resource ensures you’re well on your way through your Data Privacy and security journey, in a clear and methodical manner that includes tangible progress reporting.
Document Delivery – You need to have policies and supporting documentation that deliver and support your data privacy framework. Our easy-to-use and comprehensive portfolio of relevant policy documentation will ensure that you have the tools to manage your organisation's data privacy environment, without the headache of starting from scratch.
Supply Chain Auditing – You take responsibility for the data you hold even though others may be holding or processing that data. For example, you may use an online case management system or CRM. You may have an outsourced IT Services company. Do they have the controls and protections that will minimise your risk of data breach? These audits deliver the insights that enable you to judge the risk and actions required to safeguard your organisation.
Business Continuity Planning – Many companies struggle to survive following significant incidents. Instead, implement a comprehensive Business Continuity plan that reduces risk and ensures that roles and responsibilities are clearly defined.
Your organisation needs to maintain, react and respond to various changes internally and externally. For example, legislation and regulation environments are due to change in the coming years and you will need to have plans on how to deal with requests and breaches.
Auditing – You think that you have a good Data Protection stance but require some impartial external validation. We can audit your business, so that you can tangibly demonstrate your progress and Data Protection Stance. As part of this, we can also provide IASME backed audits based on ISO27001 principles.
Training – Your staff are crucial to the successful implementation and maintenance of your security framework. Our packages of training, in conjunction with our partners, can deliver a variety of options tailored to your requirements. Our packages range from basic awareness training to full GDPR preparation training, specifically for the education sector.
Breach and Request Management – Organisations only have up to 72 hours to report a breach to the ICO and a month to respond to data requests. This is not a simple task and we’re here to help you through the process. This critical stage can have a big impact on outcomes and is typically resource intensive, so it is important that you get it right!
Outsourced DPO – You may need a Data Protection Officer in certain circumstances or someone who can assist in the ongoing management of your Data Privacy and Security Framework. Our proactive management services ensure you are only a phone call away from advice or assistance. Just like outsourced HR, this tailored service is the most cost-effective way to gain the expertise you may need.