DPO

‘Risk Assessment Report and Methodology’

You can view the Executive Summary and Table of contents of the Project Solebay Risk Assessment Methodology Report.

Please sign up to the Solebay mailing list to download the Full Solebay project report.

Outsourced DPO

See below a list of standard requirements for this service; however, we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Serve as your DPO

Company name and contact details transmitted to the ICO
Company name and contact details available to:
  • Management
  • Employees
  • Data subjects
Article reference: 37

Contact point for data subjects

  • Contact data accessible on the websites and privacy notices
  • Function as the main public contact point (email & post)
  • Guide your organisation on the possible sources of data access requests.
Article reference: 38(4)

Contact point for Data Protection Authorities
(e.g. ICO)

Liaise with the ICO in case of issues with data subjects and data breaches.
Article reference: 39(1)(d), 39(1)(e), 36

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/Skype) and report

Discussion and report
Every 6 months
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry out data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Oversee the establishment and maintenance of the Record of Processing Activities

  • Contact point for the designated employee
  • Guidance on the Record, including provision of check-lists, best practices, and methodological advice
Article reference: 39

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Contact point for the ICO
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email and telephone assistance

-
Article reference: -

Bespoke notifications to management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Training seminar on the developments of data protection law and policy

-
Article reference: -

Review of the consistency of the internal documents concerning data processing practices

Cross-check of the consistency of the internal documents
Article reference: 39(1)(b)

Weekend and holidays data breach guidance

Data breach guidance during the weekends and holidays
Article reference: -

DPO Assist

See below a list of standard requirements for this service; however, we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities.
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/Skype) and report

Discussion and report
Annually
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve.
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry out data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email and telephone assistance

-
Article reference: -

Bespoke notifications to the top management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Compliance Support

See below a list of standard requirements for this service; however, we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Data Mapping

Map the data flows within your organisation to better understand how personal information flows between departments

Data Protection Impact Assessments

Where required by the GDPR or national law, conduct or review DPIAs using our library of good practices
Article reference: 35

Consent and Privacy Notice Requirements

Revise and improve consent and privacy notices to meet transparency and accountability requirements

Gap Analysis

Identify gaps in your organisation's compliance with the GDPR, national data protection legislation or sectoral legislation

Data Protection Audit

Audit your organisation's activities to assess your compliance with applicable data protection law

Data Protection-by-design and -default

Work with your technical and admin teams to operationalise Data Protection-by-design and -default, using established good practice
Article reference: 25

Training

We offer general, role-based (e.g., HR) and activity-based (e.g., DPIA) training. All our training materials are designed to be accessible to non-experts and easy to use.

General compliance support

Support for creating required documentation, including, but not limited to, Records of Processing Activities, data retention (and deletion) schedules, Personal Data Breach procedures, Subject Access Request procedures, training materials, Legitimate Interest Assessments, etc.