If you are an organisation currently preparing for the GDPR law, then you need to be aware of some mandatory obligations, many of which will take time to prepare for and will have a significant impact internally and externally. With expanded territorial reach and rules around data consent, many organisations will have to re-examine their policies and procedures to stay compliant. Securestorm can ensure that organisations -
- Prepared for data breaches
- Establish an organisational accountability framework
- Embedding a 'Privacy by Design' culture
- Provide an independent Data Protection Officer (DPO)
- Identify organisation roles and responsibilities as Data Processors or Controllers
- Support with privacy policies for compliance
DATA PROTECTION AS A SERVICE (D-PAAS)
Securestorm offers a range of advisory and consultancy services to help organisations prepare for and adapt to the General Data Protection Regulation (GDPR). We also help organisations meet the requirements of the UK Data Protection Act (DPA), which remains valid until the GDPR comes into effect on 25 May 2018.
Securestorm's D-PAAS portfolio:
Data Protection Officers as a Service (DPOs)
Data Protection Impact Assessment (D.P.I.A) / Privacy by Design Services
GDPR Assessment Services
GDPR Planning & Management
DPO AS A SERVICE
Our DPOs assist clients internally on all matters relating to privacy and data protection as well as GDPR compliance. Securestorm DPO takes over privacy and data protection tasks, staff training, and can serve as an independent expert both internally as well as towards customers or the Data Protection Authorities. Our DPO can take over all tasks required by the GDPR and all roles can be adjusted towards specific needs.
- Provide pragmatic data protection advice, guidance and training to the executive and colleagues
- Review processes to ensure compliance with GDPR and identify required changes
- Alongside in-house staff, undertake a review of all internal and external personal data flows and document them including the lawful grounds for processing
- Monitor compliance with the GDPR and provide quarterly compliance reports (or aligned to the frequency of the engagement if greater or lesser than 1 day per month)
- Alongside the personnel team assign data protection responsibilities
- Undertake and advise on audits of GDPR compliance
- Provide advice regarding data protection impact assessments and provide a process if this is not currently in place
- Act as the contact point for data subjects and ensure cooperation with any request or invocation of their GDPR rights
- Act as the contact point for the supervisory authority and ensure cooperation with any investigation
- Expertise in national and European data protection laws and practices including an in-depth understanding of the GDPR
- Technical and security expertise
- Experience and expertise in IS auditing, IT infrastructure, data management and risk management
- An in-depth understanding of operational and transformational processes
- An understanding of the Justice sector, through working with the Supreme Court, Youth Justice Board and Ministry of Justice
- A support network of experienced colleagues working in data privacy, cloud security, cyber security, third party management, government and private sector
- Ability to effectively and clearly communicate at both the executive and colleague level
Our GDPR Service Levels
PRIVACY BY DESIGN SERVICES
Data Protection Impact Assessments (DPIA) are an integral part of taking a privacy by design approach. The ICO has issued a code of practice explaining the principles which form the basis for a DPIA and, together with the GDPR Articles (35/36) and the EU Article 29 Working Party (WP29) guidance, state exactly what needs to be included to comply with the regulation.
DPIAs are a tool that can be used to identify and reduce the privacy risks of projects and ensure the concept of Data Protection by Design and by Default is being implemented. A DPIA can reduce the risks of harm to individuals through the misuse of their personal information. It can also help organisations to design more efficient and effective processes for handling personal data. By integrating the core principles of the DPIA process within existing project and risk management policies it is possible to reduce the resources necessary to conduct the assessment. In addition, it can assist spreading awareness of data privacy throughout an organisation.
- Provide bespoke Policy & procedure documents (pragmatic, relevant and workable)
- Pre-DPIA screening
- Online DPIA tool (offline versions are available too)
- Provide review of results provide support, advice and challenge, if required
- Provide data protection risk advice and guidance regarding solutions
- Provide compliance monitoring & oversight that processes are being adhered to
Privacy By Design Services
- Provide Data Protection by Design & Default service
- Provide strategic support for the organisation regarding Data Protection by Design & Default
- Provide Technical & Organisational measures: Policies – security & technology
- Technical support & guidance
- Security support & guidance
- Privacy education & awareness
- Project privacy (Gateway) reviews
- Provide assurance that principles are being/have been adhered to
PLANNING & MANAGEMENT
Arranging a Meeting with Us...
If you want to discuss if Securestorm is an option for your GDPR process, then arranging a meeting with one of our consultants will definitely guide you in the right direction.
Our team will engage with you to do a free assessment of your organisation, be able to advise on how to prepare, plan and implement for the GDPR act and establish which aspects of our services can help you most.
All you need to do is let us know when you would like to start: