Data protection and GDPR support

What is GDPR

On 25 May 2018, the data protection regime under the Data Protection Act 1998 was replaced by the new EU General Data Protection Regulation (GDPR), with significant implications for all organisations. In the UK, the Data Protection Act 2018 Brexit-proofed this by implementing these standards into UK law for when the UK’s Brexit transition period came to an end under what is now ‘UK GDPR’.

Brexit also complicates the position of controllers or processors located outside the UK. They will need to comply with the UK GDPR but must appoint a UK representative for UK GDPR purposes. We can help you with this.

GDPR introduced tougher fines for non-compliance and breaches, and gives people more say over what can be done with their data. Subject access rights changed and there is now an onus on organisations to demonstrate compliance with data protection from the outset. This reflects and raises public expectations.

The GDPR increased penalties for non-compliance – fines can be up to 4% of total global annual turnover or €20m, whichever is greater. Regulators in the UK and Europe have started investigations and have started levelling fines at this new level.

All organisations, including small to medium-sized companies and large enterprises, have to take GDPR requirements seriously and be able to comply. May 2018 was only a start. And the environment in which we live and work is one where our personal data is all the more important and can be all the more at risk

Fines can be up to 4% of total global annual turnover or €20m

You must be aware and be able to comply on an ongoing basis

What we can do

We provide data protection, DPO and GDPR support drawing on many years of practical experience. We work with organisations and businesses across a wide range of sectors and industries to help assess and implement the changes needed to ensure and maintain compliance and to keep data protection compliance under review.

Ranging from short sharp assessments to deep dives, project support to ongoing help and ad hoc to regular support.

Examples of how we might work with you

Targeted assessment tailored to your scale and type of business, remote or onsite, to help identify where your key gaps are and what you might do
Expert support, one-off, periodic or ongoing and whether Virtual DPO, retained regular support or ‘phone a friend
Complete a full review of your policies, processes and procedures and draft new ones as appropriate - particularly in relation to how you process your customer data and to ensure that the concept of ‘privacy by design’ is properly embedded and auditable
UK GDPR support for people outside the UK who after the end of the Brexit transition period need a UK GDPR representative
Complete a full assessment of your technology arrangements (including a penetration test) and create a plan to upgrade the arrangements so that they are secure and comply with the new GDPR requirements
Design and implement a training and development activity to help your staff understand their role in data protection and ensure they are suitably skilled and knowledgeable

Virtual DPO support

We provide support across the whole range of DPO activities combining a depth of data protection and GDPR experience with the wider experience you may need to manage your personal data successfully and effectively.

The UK General Data Protection Regulation and the Data Protection Act 2018 have ramped up the standards for handling personal data. They make Data Protection Officers (DPOs) compulsory for many. You may be one of them. Or if you aren’t, you still might want the kind of support that a DPO can provide or just extra support for your data protection lead.

What can a virtual DPO do

We can help you with a range of DPO services from a virtual DPO to providing someone at the other end of the phone to talk through your concerns and ask any questions you might have.

Virtual DPO

Outsourced data protection officer service

Virtual DPO support

Support for your data protection lead even if they aren’t a formal DPO

Virtual DPO back-up

Back up data protection resource for those times when you need extra expertise or help

Virtual DPO help line

Someone when you want to ‘phone a friend’ and get help, support and an independent view

Virtual DPO services

The service provides support across the whole range of DPO activities combining a depth of GDPR experience with the wider experience you may need to manage your personal data successfully and effectively.

GDPR Programme Support

Support and advice on the development and delivery of your GDPR programme.

DPIA Support

Support with the development of tailored Data Protection Impact Assessments.

Training Support

Support with the development and launch of training to your business.

Process Support

Support with implementation of specific processes such as the handling of Subject Access Requests.

Subject Access Request Support

Management of Subject Access Requests

GDPR Compliance Support

Access to guidance and support on GDPR compliance and its implications.

Forms and Materials Support

Support on the development and implementation of standard forms and good practice materials.

Information and Reporting Support

Development of information and reporting on data breaches and data handling incidents.

Gap Analysis Support

Data protection and privacy by design arrangements, gap analyses and QA support.

Data Breach Support

Support with any data breaches.

Data Protection Support

A point of contact and reference on all data protection issues.

How does it work

We work with you to confirm your needs. We agree what level of support this means and we make the right help available to act as your Virtual DPO.
We make available to you the level of support you need for the amount of time and frequency you require per month. This can be modified as your GDPR programme develops and your business changes.
We agree “alert” and other response systems so that we can provide “as you need it and want it” support and then we get started.