GDPR Compliance

The Data Protection Act 2018 and the General Data Protection Regulation (GDPR) have applied in the UK since 25th May 2018. The UK’s decision to leave the EU will not affect this.

The rules apply to ‘personal data’ and make it clear that information such as an online identifier – e.g. an IP address – can be personal data. The more expansive definition provides for a wide range of personal identifiers to constitute personal data, reflecting changes in technology and the way organisations collect information about people.

The GDPR covers ‘data controllers’ and ‘data processors’. A data controller determines how and why personal data is processed, and a data processor acts on the controller’s behalf.

The accountability principle states explicitly that it is your responsibility to demonstrate that you comply.

If you are a data processor, the rules place new specific legal obligations on you and you have significantly more legal liability if you are responsible for a breach.

Subscription Services

Knowledge Overview

Business owners and senior people do not have time to keep up to date with developments in data protection best practice. We offer regular information on:

  • The latest Data Protection practices
  • Changes in the law and consultations
  • ICO conferences and events
  • ICO enforcement action

Price £10/month with 12 months minimum subscription.

Frequently Asked Questions

Questions pop up from time to time and it’s not always easy to find an answer. We can give access to a knowledge base with the answers to frequently asked questions about data protection issues.

Price £10/month with 12 months minimum subscription.

Training

  • Induction training for new members of the team
  • Update training (as required) for all team members
  • Yearly competence assessment in Data Protection and Information Security

£330 per day or £200 per half day plus travelling.

Ask about our portal service, for which there is an annual subscription of £30 for up to 10 users; each additional user is £2. For each use of a course there is a charge from £5 depending on the content. The portal can be made bespoke to the business if required, in which case the annual subscription is £80 for up to 40 users.

Primary Point of Contact

Act as the main route for contacts with the Supervisory Authority using pre-agreed processes. Where additional work is required this can be carried out at our normal consultancy fees, i.e.:

  • DPIA requests
  • Data subject complaints
  • Working with ICO audits or inspections

£10 per month for a minimum of 12 months.

Managing and monitoring the processes for Data subject rights requests

  • Respond to subject access requests (SARs)
  • Co-ordinate deletion requests

£50/month for a minimum of 12 months. Subject to a maximum of 2 requests per month.

Documents

Data Protection Policy

A policy will help you address data protection in a consistent manner. This can be a standalone policy statement or part of a general staff policy. The policy should clearly set out your organisation’s approach to data protection together with responsibilities for implementing the policy and monitoring compliance. The policy should be approved by management, published and communicated to all staff.

We will provide a free, no obligation quote for producing this document.

Privacy Notice

Being transparent and providing accessible information to individuals about how you will use their personal data is a key element of the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR). The most common way to provide this information is in a privacy notice.

We will provide a free, no obligation quote for producing this document.

Website Data Protection

We will provide a bespoke ‘Privacy Notice’ and set of ‘Terms of Use’ for a website, for £149.

Consultancy Services

Helpline

Sometimes there is a question that cannot be resolved easily. We can provide an email helpline providing direct answers to business specific queries and questions on data protection matters.

£25/month for 12 months

Manage Data Protection Activities

For example:

  • Carry out/advise on Privacy Impact Assessments
  • Carry out Internal Audits on procedures
  • Bespoke policy and/or process development (and implementation)
  • Penetration testing for websites and networks.

Price on application.

Data Protection Officer as a Service

For most businesses this is a non-mandatory role, but it may still be useful to appoint a Data Protection Officer to your business.

Please get in touch to get the ball rolling…