Enhancing the investigation, prosecution and prevention of tax crimes in the EU
Enhancing the investigation, prosecution and prevention of tax crimes in the EU
Trilateral Research is proud to be working with our PROTAX project partners to organise the PROTAX Conference: enhancing the investigation, prosecution and prevention of tax crimes in the EU. The ...
Project Solebay Conference - Discussing modern slavery in conflict
Project Solebay Conference – Discussing modern slavery in conflict
"When we oppress others, we end up oppressing ourselves. All of our humanity is dependent upon recognising the humanity in others." Desmond Tutu On 14th May, Trilateral Research and St ...
Privacy Impact Assessment
Assessing the Ethical, Legal and Social Impacts of new technologies: the EUNOMIA project case study
There is increasing hype about Artificial Intelligence (AI) and machine learning progressively being integrated into more domains of our personal, social and professional life; dating applications “choose” the “right” match, ...
SHERPA future scenarios, use of AI, stakeholder engagement
How will AI and Big Data shape our future?
Artificial intelligence is already having a major impact on our lives, society and economy for the good and the bad. Currently, AI raises many issues relating to privacy, data protection, ...
Human security
Human Security and Crisis: A Snapshot
Across the globe, countless government, private and third sector organisations are working to promote and sustain the security of vulnerable populations. During acute or protracted crises, the protection of individuals ...
Ethics by design
Call for papers: The Ethics of Disruptive Technologies
We invite you to submit your paper for the “Ethics by Design” track of the 4TU.Ethics Biannual Conference “The Ethics of Disruptive Technologies”co-organised by SIENNA and SHERPA, two EU projects ...
Data breach
How to be in pole position to avoid data protection regulatory actions
In a historic move, the Danish Data Protection Authority, Datatilsynet has recommended its first fine under the GDPR regime for taxi company Taxa4x35 for its failure to adhere to principles ...
DANTE project_ How do criminal and terrorist organisations exploit the Internet?
How do criminal and terrorist organisations exploit the Internet?
Contemporary terrorist and criminal organizations increasingly exploit the Internet to spread their message and gain support throughout the world, using the Web as a communication tool, in particular for recruitment ...
Why mental health at work is so important
Why Mental Health at Work is so important
Recent years have seen some improvement in how we address or speak about mental health. Awareness about mental health issues is growing among businesses as it has become clear that ...
Using data to enhance collaborative crisis management
Using data to enhance collaborative crisis management
What are the key challenges in crisis management technology that can be better tackled by adopting an ethical approach? Challenges in using data for crisis response Crises and disasters are ...
Do health medical apps share personal data safely?
Do medicine related apps share health data safely?
A recent editorial (March 2019) and article (Jan 2019) in the British Medical Journal have focused on how medical mobile apps, currently a booming market, routinely share users’ data. Given the purpose ...
Project Solebay: Assessing the risk of modern slavery in conflict conference
Project Solebay Conference: Assessing the risk of modern slavery in conflict
We are delighted to announce that the Project Solebay: Assessing the risk of modern slavery in conflict conference will take place at St Mary's University, Twickenham, London, on 14 May 2019 ...
standardisation processes for disaster resilience
Advancing standardisation to strengthen disaster resilience
When a disaster occurs, functioning interoperability could mean the difference between life and death, particularly when there is a need for international or cross border responses; for example when responding ...
Leveraging data to develop modern slavery risk assessments
Leveraging data to develop modern slavery risk assessments
Trilateral’s Data Science team has built interactive cloud-based dashboards to bring data-driven insights into modern slavery risk assessments. Trilateral Research is working in conjunction with the UK’s Ministry of Defence ...
Privacy and data protection rules for drones, GDPR
Nosy Drones? Know the rules before you fly
Due to their manoeuvrability, varying designs and sizes, as well as the vast array of hardware and software capabilities they could be equipped with, drones have found widespread applications in ...
PACE project, populism
Analysing the rise and causes of populism in Europe
What is the meaning of the rise of different types of populist movements for democracy and for EU political and liberal institutions, and how should these institutions respond? The Populism ...
DPO Assist service
Improving compliance: Trilateral’s DPO Assist service
Many organisations have already recognised the need to appoint specialist personnel to ensure they are meeting their obligations in relation to the protection of personal data. For example, the General ...
GEARING-Roles project, promoting gender equality
Promoting more effective gender equality in research institutions
Gender equality is a fundamental value and an essential part of European research and innovation policy. At Trilateral we feel privileged to be part of the newly launched Horizon 2020 ...
Loading...

Risk Assessment Methodology Report

you can view the Executive Summary and Table of contents of the Risk Assessment Methodology Report.

Please sign up to the Solebay mailing list to download the Full Solebay project report.

Outsourced DPO

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Serve as your DPO

Company name and contact details transmitted to the ICO Company name and contact details available to:
  • Management
  • Employees
  • Data subjects
Article reference: 37

Contact point for data subjects

  • Contact data accessible on the websites and privacy notices
  • Function as the main public contact point (email & post)
  • Guide your organisation on the possible sources of data access requests.
Article reference: 38(4)

Contact point for Data Protection Authorities
(e.g. ICO)

Liaise with the ICO in case of issues with data subjects and data breaches.
Article reference: 39(1)(d), 39(1)(e), 36

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/skype) and report

Discussion and report
Every 6 months
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry on data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Oversee the establishment and maintenance of the Record of Processing Activities

  • Contact point for the designated employee
  • Guidance on the Record, including provision of check-lists, best practices, and methodological advice
Article reference: 39

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Contact point for the ICO
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email and telephone assistance

-
Article reference: -

Bespoke notifications to management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Training seminar on the developments of data protection law and policy

-
Article reference: -

Review of the consistency of the internal documents concerning data processing practices

Cross-check of the consistency of the internal documents
Article reference: 39(1)(b)

Weekend and holidays data breach guidance

Data breach guidance during the weekends and holidays
Article reference: -

DPO Assist

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities.
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/skype) and report

Discussion and report
Annually
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve.
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry on data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email abd telephone assistance

-
Article reference: -

Bespoke notifications to the top management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Compliance Support

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Data Mapping

Map the data flows within your organisation to better understand how personal information flows between departments

Data Protection Impact Assessments

Where required by the GDPR or national law, conduct or review DPIAs using our library of good practices
Article reference: 35

Consent and Privacy Notice Requirements

Revise and improve consent and privacy notices to meet transparency and accoutnability requirements

Gap Analysis

Identify gaps in your organisation's compliance with the GDPR, national data protection legislation or sectoral legislation

Data Protection Audit

Audit your organisation's activities to assess your compliance with applicable data protection law

Data Protection-by-design and -default

Work with your technical and admin teams to operationalise Data Protection-by-design and -default, using established good practice
Article reference: 25

Training

We offer general, role-based (e.g., HR) and activity based (e.g., DPIA) training. All our training materials are designed to be accessible to non-experts and easy to use

General compliance support

Support for creating required documentation, including, but not limited to Records of Processing activities, Data retention (and deletion) schedules, Personal Data Breach procedures, Subject Access Request procedures, Training materials, Legitimate Interest Assessments, etc.)