Compliance Support 

Data protection legislation requires that organisations demonstrate ongoing compliance.  

We will work with you to create a compliance plan that maps actions to be taken across your organisation to improve your compliance profile. These actions might include: 

• Developing new policies to close compliance gaps; 
• Implementing regular documentation review, including related to data breaches, storage and retention, SARs and training; 
• Assessing or developing data sharing agreements, data processing agreements, joint controller agreements;  
• Identifying and implementing appropriate technical and organisational measures; 

• Maintaining a library of Data Protection Impact Assessments; 

You will achieve a portfolio of documentation that demonstrates compliance with legislation and helps you build a data protection culture across the organisation. 

Data Protection Impact Assessment  

Data Protection Impact Assessments (DPIAs) help protect you and your projects by identifying and help you mitigate data protection risks. In some cases, they are even legally required.  

 We can help you develop your DPIA process to fit your organisation and the type of processing that you carry out. The DPIA process can be adapted to suit large scale projects or integrated as a business-as-usual process. We can support you by providing training and assistance to guide your team every step of the way. 

The output will be a comprehensive assessment that demonstrates compliance and reduces risk to your organisation and your customers.

Training

Strong training and awareness-raising helps organisations to save time and resources as staff are ready to proactively assess and mitigate risks. Our data protection training enables organisations to:  

• Build awareness within teams  
• Implement data protection policies and procedures effectively 
• Prevent personal data breaches
• Embed mechanisms for risk monitoring and escalation  
• Demonstrate good data governance and accountability 

Our training packages can be offered in a variety of formats and tailored to your organisation. They can cover multiple topics, from the standard GDPR and Data Protection Act 2018 training to more tailored marketing training (ePrivacy, PECR, etc.). From general knowledge sharing to practical, tailored workshops, your employees will become confident in dealing with data responsibly. 

Audits / Assessments 

Compliance is an organisation-wide challenge. With different departments depending on each other to meet compliance goals, it is essential to ensure that there is a holistic strategy in place to meet data protection requirements and information security needs. 

Our audit methodology can assess specific systems, or the organisation as a whole, to provide assurance that the policies and procedures in place are appropriate and that everyday practice is aligned to them. 

Our audits and assessments take account of your organisation’s unique compliance profile, providing you with evidence of good practice and identifying how your organisation can improve compliance into the future.

Outsourced DPO/DPM 

A Data Protection Officer or Data Protection Manager can be an essential support in building and maintaining data protection compliance. However, it can be a challenge to find these resources within your organisation. 

Our external DPO/DPM service closes this gap by providing an end-to-end compliance support service, providing advice, building & maintaining policies, procedures and documentation, supporting good practice in DPIAs, communicating with data subjects and external stakeholders and managing breaches and investigations. 

Your organisation will have access to some of the most experienced advisors in Europe, who will work in partnership with you to reduce your risks and improve your practice. 

SAR Support  

Effectively responding to Information Requests from individuals and other interested parties has emerged as an area of increasing burden for organisations in many industries, requiring a significant resource investment and disrupting other compliance responsibilities. 

Our SAR Support service provides practical, expert guidance and excess capacity to support your team.  

We cover all phases of Data Subject Access Requests and other individual rights requests, from the analysis of documentation to de-duplication, classification, redaction, and delivery. We also support exemption identification and application alongside other regulatory requirements. 

This service will enable you to minimise your organisational burden while ensuring that the rights of individuals are upheld

Crisis support 

Crises are complicated. They require swift action and a firm hand to ensure minimal impact on the organisation from a financial, reputational, and regulatory perspective.  

Our team of experts is available all year round to assist you in scoping, managing, and resolving regulatory and public image crises deriving from incidents, breaches, public attention from the press, and many more.  

We help you investigate the issue, involve stakeholders, draft communications to the supervisory authorities, data subjects, and the public to ensure that your remedial actions have maximum impact. 

Data Security Support 

Data protection law requires that you demonstrate sufficient technical and organisational data security measures. However, many data protection professionals lack confidence in assessing technical documentation and IT protocols. 

Our Data Security Review service is built on the well-established CIA Triad – Assessing the Confidentiality, Integrity, Availability and overall resilience of your organisation’s information systems. It integrates elements from ISO 27001 requirements, the ISO 27701:2019 extension on Privacy Information Management and national requirements.  

This assessment will provide you with assurance that your information security function is providing sufficient support to your data protection programme. For more information on our cybersecurity services, click here. 

Data Transfer Impact Assessment

International data transfers are intrinsically risky for organisations that are active internationally. Data flows involve security, organisational, and privacy compliance risks that should be mapped and addressed. 

Our team helps you map your international data flows, including detecting which countries require enhanced assessment and attention.  

We assess the regulatory context in transfer-destination countries to determine whether your customer data is safe when accessed or stored there.  

Both when the data transfer can go ahead or not, our team helps you draft the required accountability documentation, to ensure that any complaints or investigations are swiftly addressed and closed. 

Register of Processing Activities 

Having a good ROPA in place is not only a statutory requirement for most organisations, but it is also an excellent way to map data processing activities and identify weak points, further requirements, and areas that require attention or action.  

We will help you define an action plan to complete this complex activity and conduct interviews with internal company functions with or for you. 

We then help you flag missing compliance items, as well as define and design any process changes that you may need to implement in the short, medium, and long term to ensure that these are tracked and accomplished. 

DPO Assist  

Our DPO assist service allows your internal DPO to carry out day-to-day data protection activities, while relying on our specialist support for additional labour, new challenges and complex situations when needed.  

The DPO assist gives you access to specialist support on a need-to basis on data protection and data governance issues, including new challenges and complex situations.