For a basic monthly fee we provide support and guidance to your Organization.
Data Protection as a Service
1. Monitoring, Support & Training :
Data Protection Reports are considered as LIVE documents. The Information contained can change depending on the organizational processes and keeping track of this information can be challenging.
Our main objective is to reduce that administrative burden, prevent your organization from having to repeat Phase 1 (Data Protection Program) and reduce your exposure to potential Data Breaches.
We take Data collected from completing the ICO registration processes and enter it into sophisticated software that we use to help track & monitor your program. Typically, we would also conduct monthly “Check up’s” – where we would confirm & document any changes in your processing habits.
2. Data Flow Mapping:
We create a document that will track and display the lifecycle & intended recipients of each data record processed and submit to the Commissioner.
In compliance with the DPA (Section 6), If you encounter a data breach or receive Data Subject Requests, this document will be key to quickly & effectively tracing that Data .
3. Data Impact Assessments
A Legal Requirement: The Data Protection Act requires organizations to submit a comprehensive DPIA (Data Protection Impact Assessment) no later than 90 days from the prescribed date. (Section 45 Data Protection Act).
As part of your monitoring service, we would compile and submit to the Commissioner your annual DPIA report.
4. Creating a Privacy Policy & Statement:
A Privacy Policy document clearly states what personal information you process and how you intend to use that data. It presents your legal case for processing and provides contact information for data subject requests. A Privacy Policy statement should made be available for the public to view / access.
Not having a Privacy Policy could potentially expose your organization to non-compliance and further legal liability.
a description here.