Data Protection Services
CORONAVIRUS UPDATE – with many people now working from home it is critical that businesses have their data protection systems in place and are fully compliant.
Data privacy has never been more important. Legislation has put individuals firmly in control of their own data, and businesses are required to ensure they put into place documents, systems and processes that protect individuals’ data and enable them to exercise their statutory rights over their personal information.
It is very important to ensure that your organisation is fully compliant with the UK General Data Protection Regulation (UK GDPR, the version of the EU GDPR retained in UK law after Brexit), the Data Protection Act 2018 which supplements it, and the Privacy and Electronic Communications Regulations 2003 (PECR). There are a number of key documents that you are required to have in place, but in order to demonstrate accountability there are additional actions required of businesses, such as staff training and, in some cases, the appointment of a Data Protection Officer (see below). It is important to note that leaving the EU has not removed businesses' need to comply!
We can help you with your data protection compliance. Our qualified and experienced privacy professionals will take you through the step-by-step process of ensuring you have all the documents, processes and procedures in place. The Information Commissioner's Office (ICO) can impose substantial fines for non-compliance. Staff training is also required under the GDPR's accountability principle: all employees need an understanding of data protection rules, must understand and comply with your documents, know how to deal with queries from data subjects (e.g. customers), and be able to recognise a subject access request, a data breach and so on. We offer remote or in-house training, and this can form part of an overall package if required.
Ancillary Services - our carefully selected partners can offer technical solutions to keep your data safe and secure. Services include secure cloud hosting and backup, supply of laptops and peripherals, cyber security, penetration testing, and important certifications such as Cyber Essentials, Cyber Essentials Plus and ISO 27001.
We have noted that many organisations are still not fully compliant, including those dealing with special category data (previously known as sensitive data). The rules around this are understandably strict, and the implications of getting this wrong, or of having a data breach, can lead not only to a heavy fine but to irreversible reputational damage. There are a number of documents and processes that organisations are required to have in place in order to demonstrate compliance.
It is also important to note that if you do business with, or transfer data to, the USA or other countries outside the EEA (for example by using USA-based software services), the Schrems II court case may well affect you: it invalidated the EU-US Privacy Shield and means that Standard Contractual Clauses can only be relied on after assessing whether the destination country actually protects the transferred data. Read more about this in our Blog posts here
Data Protection Officer Services
We can also offer Data Protection Officer (DPO) Services. Some organisations are required by law to appoint a DPO; for example, those whose core activities involve large-scale processing of the special categories of data defined in Article 9 of the GDPR. These are: health data, biometric data for the purpose of uniquely identifying a person, genetic data, data concerning racial or ethnic origin, trade union membership, sex life or sexual orientation, political opinions, and religious or philosophical beliefs. This will include many healthcare businesses and most GP practices, as well as other sectors. However, the ICO recommends that you at least consider appointing a DPO if you process personal data (which virtually all businesses do) and that you document your rationale if you choose not to. It is often seen as good practice to appoint a DPO in order to demonstrate to your customers and staff that you take data protection seriously.
Our DPO services give you access to a named professional who can help to keep you compliant, conduct data protection audits, and liaise with the ICO and data subjects on your behalf, as well as assisting and advising on the specific tasks which will inevitably come your way, such as Data Protection Impact Assessments, Data Subject Access Requests and staff training (a legal requirement).
Under our affordable and cost-effective monthly packages much of the work we do as DPOs can be done remotely, but we also make onsite visits to conduct audits, deliver training and present reports to management. It is important for a DPO to really understand the business, so beware of cheap packages that offer online-only support! The duties, expertise and responsibilities of a DPO are significant and not to be underestimated; see here for full details, or you can download a full overview document from the EU here
If you would like to discuss our data privacy services or are considering appointing a DPO, give us a call or use the contact form here. We are always happy to have an informal chat at no cost and with no obligation.
"We used Nick's services in 2018 to ensure we were GDPR-compliant. He helped us navigate the mass of regulations and, in the process, highlighted some other aspects of our procedures and statements which could be improved. We were very grateful for his assistance and wouldn't hesitate to use him again or recommend him to others." Brian Quinn, Penny Post.
“Nick completed my GDPR documents earlier in 2020. He was very professional, honest and knowledgeable. I highly recommend his service to ensure all your documents are up to date, as this is a necessity in a fast-moving, technology-based world.”
- Doctor Leah Austin - General Practitioner