Our assurance framework ensures our clients are, and remain, compliant with the requirements of the GDPR, UK DPA 2018 and PECR.
We use the ICO’s Accountability Framework and our own Privacy Framework to provide comprehensive coverage of all aspects of GDPR, DPA 2018 and PECR.
Data protection legislation is constantly being updated due to new related regulations and case law across the EEA and UK.
As the GDPR is implemented and enforced, enforcement in member countries establishes case law through court actions that clarify the regulation, which then requires updates to implementation.
We audit clients’ implementations to ensure they are still “compliant” or are meeting new requirements.
We often find that clients’ original implementations either were not correct and need fixing, or are out of date and need updating.
Starting at £2999.00
Lawful Basis
Deciding upon the lawful basis for processing is critical.
Each type of processing must have one of six lawful bases.
Selecting an inappropriate or wrong lawful basis can cause non-compliance and operational difficulties.
We analyse the regulatory, statutory and business environment to help organisations select the most appropriate lawful basis for the processing.
Starting at £199.00
GDPR Readiness
This is a gap analysis for organisations that already have a foundational data protection regime and need to assess the gap between their current posture and compliance with the GDPR requirements. We use our extensive, circa 300-item assessment tool to assess and provide a comprehensive report for management to action. This report can support data protection programme and project management, funding, resourcing, etc., where required.
Starting at £4999.00
A DPA is mandatory between Data Controllers and Data Processors as per Article 28 of the GDPR. It sets out each party’s roles, responsibilities and liabilities and provides the mandatory written instructions for the data processor from the controller.
Starting at £499.00
A Record of Processing Activities (ROPA) is similar to an asset register, but it is not an asset register. A ROPA documents what processing is being carried out, the lawful basis, the types of data being processed, who the data is being shared with, etc. It is a mandatory requirement for some data controllers and processors, but it is also good practice to document the processing in a ROPA.
Starting at £999.00
GDPR Data Mapping
Data mapping provides an end-to-end understanding of what, how and where the data is being used. It allows for the identification of data, the stakeholders, and the protection of data. It can often provide an enterprise view of the data and data journeys.
Starting at £4999.00
It is important to establish who is responsible and accountable for what, and what the relationships are between Controllers, Processors and Joint Controllers, if any. We use the data mapping and data flow process to ensure these roles are correctly defined and communicated in any privacy notices, DPAs, contracts, etc.
Starting at £999.00
A DPIA is essential to understand the impact or risk of processing personal data on data subjects and then to assign controls to manage this impact and their rights and freedoms. It is a common mistake to think a DPIA is just about technical or security risk.
Starting at £4999.00
Legitimate Interest Assessment (LIA)
A LIA is required where the Data Controller is relying on Legitimate Interest as the lawful basis for processing personal data. The LIA ensures that the impact on the data subjects’ rights and freedoms has been considered before the processing. Evidence of the LIA must be provided if requested to demonstrate how reliance on Legitimate Interest was reached.
Starting at £999.00
A DSA is not mandatory but is a good instrument to use to document any data sharing with partners who are not Data Processors, for example with Joint Controllers.
Starting at £999.00