Understanding and minimising the risk of identifiability

Understanding and monitoring the data assets your organisation holds is crucial since knowing whether data is personal or not determines the application of EU Data Protection Law. Whereas the processing of personal data may be vital for providing your services
What is Mobile Device Management and how your organisation can get started

Our mobile devices play a central role in our lives today. Whether they be smartphones, tablets or in other forms such as wearables. They are the first devices to hand when managing our digital lives – both personal and business
Consent and Cookies – The Impact of the Planet49 Judgement on Website Operators

A recent judgement from the Court of Justice of the European Union (CJEU) concerning valid consent, and the processing of information for the use of cookies and related technologies will have a significant impact on transparency and control mechanisms that
The Implications of ISO 27701 for organisations seeking privacy certification

ISO27701 is set to be the international standard for Privacy Information Management Systems (PIMS). It allows organisations that have already achieved ISO 27001 to align their privacy and Information Security Management Systems (ISMS) and demonstrate an appropriate control environment. In
Data Protection and Securing your Website

Data protection legislation now regulates every aspect of processing personal data, and your web presence is your shop window for your customers and a visible testament to how you treat their personal data. It is often your primary channel for
Shaping the Future of International Transfers of Personal Data – CIPL Publishes Their Take on the Development of the Next Generation Standard Contractual Clauses

On August 7 the Centre of Information Policy Leadership (CIPL) published their white paper titled: “Key Issues Relating to Standard Contractual Clauses for International Transfers and the Way Forward for New Standard Contractual Clauses under the GDPR,” as part of
How to ensure your website does not breach the data privacy framework: Key recommendations

The lack of awareness around mental health leads individuals, patients or not, to look for answers to questions about mental health conditions online. The paradox lies in the ease with which we tend to share information, assumptions or inferences about
Reporting Personal Data Breaches: proving the "unlikely"

There has been an ongoing discussion regarding the reporting of breaches to National Authorities since Regulation (EU) 2016/679 (GDPR) went live just over a year ago. Pinsent Mason’s law firm, in their recent review of reporting of personal data breaches
GDPR and scientific research

Key lessons on GDPR and scientific research

The new world economy relies on data-driven technologies and systems. Data is knowledge and innovation, ensuring scientific progress. There is a strong debate on whether the new General Data Protection Regulation (GDPR) constitutes an enabler or hindrance for scientific research.
European Data Protection Supervisor Publishes information note on international data transfers after Brexit

On July 16, the European Data Protection Supervisor (EDPS) published an information note detailing the different scenarios which may arise for international transfers of personal data to the United Kingdom from the EU in the event of a deal/no-deal Brexit.
Privacy Frameworks and Standards – A Measurable Approach to Privacy Compliance

Privacy frameworks are a maturing area, much like Security Frameworks have been in the past decades. Publications such as the ISO/IEC 27001 series of information security standards together provide a framework for risk management through information security best practices and
Using GPS tracking on commercial vehicles: a German perspective

Many organisations use GPS tracking in the vehicles they operate claiming necessity for protection against theft, general fleet management and monitoring deliveries, etc. One of the first rulings under GDPR and Germany’s updated Data Protection Act (BDSG-new), has provided clearer
‘Risk Assessment Report and Methodology’

You can view the Executive Summary and Table of contents of the Project Solebay Risk Assessment Methodology Report.

Please sign up to the Solebay mailing list to download the Full Solebay project report.

Outsourced DPO

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Serve as your DPO

Company name and contact details transmitted to the ICO.
Company name and contact details available to:
  • Management
  • Employees
  • Data subjects
Article reference: 37

Contact point for data subjects

  • Contact data accessible on the websites and privacy notices
  • Function as the main public contact point (email & post)
  • Guide your organisation on the possible sources of data access requests.
Article reference: 38(4)

Contact point for Data Protection Authorities (e.g. ICO)

Liaise with the ICO in case of issues with data subjects and data breaches.
Article reference: 39(1)(d), 39(1)(e), 36

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/Skype) and report

Discussion and report
Every 6 months
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry out data protection impact assessments (DPIA) and monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Oversee the establishment and maintenance of the Record of Processing Activities

  • Contact point for the designated employee
  • Guidance on the Record, including provision of check-lists, best practices, and methodological advice
Article reference: 39

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Contact point for the ICO
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email and telephone assistance

-
Article reference: -

Bespoke notifications to management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Training seminar on the developments of data protection law and policy

-
Article reference: -

Review of the consistency of the internal documents concerning data processing practices

Cross-check of the consistency of the internal documents
Article reference: 39(1)(b)

Weekend and holidays data breach guidance

Data breach guidance during the weekends and holidays
Article reference: -

DPO Assist

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities.
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/Skype) and report

Discussion and report
Annually
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve.
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry out data protection impact assessments (DPIA) and monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email and telephone assistance

-
Article reference: -

Bespoke notifications to the top management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Compliance Support

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Data Mapping

Map the data flows within your organisation to better understand how personal information flows between departments

Data Protection Impact Assessments

Where required by the GDPR or national law, conduct or review DPIAs using our library of good practices
Article reference: 35

Consent and Privacy Notice Requirements

Revise and improve consent and privacy notices to meet transparency and accountability requirements

Gap Analysis

Identify gaps in your organisation's compliance with the GDPR, national data protection legislation or sectoral legislation

Data Protection Audit

Audit your organisation's activities to assess your compliance with applicable data protection law

Data Protection-by-design and -default

Work with your technical and admin teams to operationalise Data Protection-by-design and -default, using established good practice
Article reference: 25

Training

We offer general, role-based (e.g., HR) and activity-based (e.g., DPIA) training. All our training materials are designed to be accessible to non-experts and easy to use.

General compliance support

Support for creating required documentation, including, but not limited to, Records of Processing Activities, data retention (and deletion) schedules, personal data breach procedures, subject access request procedures, training materials and legitimate interest assessments.