standardisation processes for disaster resilience
Advancing standardisation to strengthen disaster resilience
When a disaster occurs, functioning interoperability could mean the difference between life and death, particularly when there is a need for international or cross border responses; for example when responding ...
Leveraging data to develop modern slavery risk assessments
Leveraging data to develop modern slavery risk assessments
Trilateral’s Data Science team has built interactive cloud-based dashboards to bring data-driven insights into modern slavery risk assessments. Trilateral Research is working in conjunction with the UK’s Ministry of Defence ...
Privacy and data protection rules for drones, GDPR
Nosy Drones? Know the rules before you fly
Due to their manoeuvrability, varying designs and sizes, as well as the vast array of hardware and software capabilities they could be equipped with, drones have found widespread applications in ...
PACE project, populism
Analysing the rise and causes of populism in Europe
What is the meaning of the rise of different types of populist movements for democracy and for EU political and liberal institutions, and how should these institutions respond? The Populism ...
DPO Assist service
Improving compliance: Trilateral’s DPO Assist service
Many organisations have already recognised the need to appoint specialist personnel to ensure they are meeting their obligations in relation to the protection of personal data. For example, the General ...
GEARING-Roles project, promoting gender equality
Promoting more effective gender equality in research institutions
Gender equality is a fundamental value and an essential part of European research and innovation policy. At Trilateral we feel privileged to be part of the newly launched Horizon 2020 ...
Corruption in Conflict: building risk assessments for a threat difficult to see and measure
Corruption in Conflict: building risk assessments for a threat difficult to see and measure
Corruption undermines the UK military’s end-state and foreign policy objectives, particularly as corruption is pathological and detrimental to a secure and stable environment (MacLachlan et al., 2017). Sarah Chayes (), ...
Manipulating social media with fake news
Addressing fake news and disinformation on social media
Fake news have the power to build a misleading representation of reality posing a threat to our security and safety and forcing us to consider how we can build trust ...
Benefits of Outsourcing your Data Protection Officer
What are the benefits of outsourcing your Data Protection Officer?
The General Data Protection Regulation (GDPR) creates a new role called a Data Protection Officer which assists a data controller or processor to monitor their internal compliance. Although not every ...
Risk assessment tools for the military, modern slavery,Project Solebay
Considerations for a UK Military based approach to Assessing the Risk of Modern Slavery
In 1808, HMS Solebay was the first British ship to be part of the anti-slavery operation patrolling the African Atlantic coast to halt the Atlantic slave trade. Today, in 2019, ...
Risk assessment for child sexual exploitation
Developing Risk Assessment tools to combat Child Sexual Exploitation
Child sexual exploitation and child sexual abuse remain challenging issues for law enforcement and local authorities in the UK due to the hidden nature of these crimes. Risk assessments tools, which ...
AI, Artificial intelligence, Big Data, Responsible Research and Innovation
Call for papers: Ethics and Human Rights in Smart Information Systems
We invite you to submit your paper for the IEEE Smart World Congress Forum on Ethics and Human Rights in Smart Information Systems, co-organized by three EU projects engaged in ...
Research pilots, technology development
Research Pilots – evaluating and validating new technologies
Research pilots play a critical role in the testing, validation, and evaluation of new technologies before they are pushed into the market. They act as a feasibility study showing technology ...
Celebrating Data Protection Day
Celebrating Data Protection Day
The Council of Europe (CoE) in 2006 launched a Data Protection Day to be celebrated each year on 28th January, the date on which the CoE’s data protection convention, known ...
GDPR and esearch
GDPR and implications for Research
To mark Data Protection Day, Trilateral has produced a special article that examines how the General Data Protection Regulation (GDPR) changes the rules for research. The GDPR adopts a “broad” definition ...
NO-FEAR foresight exercise
Framing the vision for a stronger EU emergency medical care
While emergency medical care has a critical role in assisting casualties after security incidents, there are a number of challenges that the Emergency Medical System (EMS) needs to address. These ...
Brexit and GDPR
Brexit update: political uncertainty demands proactive steps to protect from no-deal consequences
Last week, the UK government’s defeat at the House of Commons marked the pass to a new phase of Brexit, the process that will bring the United Kingdom outside the ...
GDPR and Charities
GDPR and Charities: Key operational considerations
For companies and individuals that work in the area of data privacy, it is fair to say that 2018 was the year of privacy. In May, Regulation (EU) 2016/679 (General ...
Loading...

Outsourced DPO

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Serve as your DPO

Company name and contact details transmitted to the ICO Company name and contact details available to:
  • Management
  • Employees
  • Data subjects
Article reference: 37

Contact point for data subjects

  • Contact data accessible on the websites and privacy notices
  • Function as the main public contact point (email & post)
  • Guide your organisation on the possible sources of data access requests.
Article reference: 38(4)

Contact point for Data Protection Authorities
(e.g. ICO)

Liaise with the ICO in case of issues with data subjects and data breaches.
Article reference: 39(1)(d), 39(1)(e), 36

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/skype) and report

Discussion and report
Every 6 months
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry on data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Oversee the establishment and maintenance of the Record of Processing Activities

  • Contact point for the designated employee
  • Guidance on the Record, including provision of check-lists, best practices, and methodological advice
Article reference: 39

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Contact point for the ICO
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email and telephone assistance

-
Article reference: -

Bespoke notifications to management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Training seminar on the developments of data protection law and policy

-
Article reference: -

Review of the consistency of the internal documents concerning data processing practices

Cross-check of the consistency of the internal documents
Article reference: 39(1)(b)

Weekend and holidays data breach guidance

Data breach guidance during the weekends and holidays
Article reference: -

DPO Assist

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities.
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/skype) and report

Discussion and report
Annually
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve.
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry on data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email abd telephone assistance

-
Article reference: -

Bespoke notifications to the top management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Compliance Support

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Data Mapping

Map the data flows within your organisation to better understand how personal information flows between departments

Data Protection Impact Assessments

Where required by the GDPR or national law, conduct or review DPIAs using our library of good practices
Article reference: 35

Consent and Privacy Notice Requirements

Revise and improve consent and privacy notices to meet transparency and accoutnability requirements

Gap Analysis

Identify gaps in your organisation's compliance with the GDPR, national data protection legislation or sectoral legislation

Data Protection Audit

Audit your organisation's activities to assess your compliance with applicable data protection law

Data Protection-by-design and -default

Work with your technical and admin teams to operationalise Data Protection-by-design and -default, using established good practice
Article reference: 25

Training

We offer general, role-based (e.g., HR) and activity based (e.g., DPIA) training. All our training materials are designed to be accessible to non-experts and easy to use

General compliance support

Support for creating required documentation, including, but not limited to Records of Processing activities, Data retention (and deletion) schedules, Personal Data Breach procedures, Subject Access Request procedures, Training materials, Legitimate Interest Assessments, etc.)