Consultancy Services from the DPO Centre
The DPO Centre provides a comprehensive range of consultancy expertise to complement its outsourced DPO and GDPR Representation services. This includes “overflow provision” for when organisations require increased resource to cover periods of high workload or absence.
Our consultancy services are provided by experienced Data Protection Officers (DPOs) and tailored to your organisation’s specific needs.
The services are provided standalone, as a precursor to, or to complement our outsourced DPO services.
In all cases, the service is backed up by the shared best practice and model documentation that the DPO Centre has developed based on the experience we have gained from working with over 250 organisations.
OUR RANGE OF CONSULTANCY SERVICES
Compiling data asset register and data mapping
- Identifying the personal data an organisation is responsible for
Cataloguing:
- Where and why the data is held and how it is used
- The type, volume and “risk” level of the data
- Who is responsible for managing it
Impact assessments and gap analysis
- Reviewing how data in a dataset is processed
- Determining if processing is compliant
- Identifying “gaps” between current practice and full compliance
- Developing an action plan to fill the gaps
Records of Processing Activity (RoPA)
- Preparing and maintaining RoPA
Compiling ongoing records of:
- The legal basis upon which personal data is held
- How the data is processed
- How, why and where the data is transferred
- Security protocols used to protect the data
- How long the data is retained and its disposal
Policy drafting and review
- Privacy and cookie policies
- Informed consent forms
- General data protection policy
- Retention policy
- Various employee policies
Data protection training
Providing ongoing training to embed a data protection culture into an organisation including training for:
- Senior managers accountable for data protection
- Data managers responsible for personal datasets
- Front line staff handling and processing personal data
Data sharing and data transfers
- Advising, drafting and reviewing data processing and data sharing agreements with third parties
- International data transfer mechanisms and agreements including the use of Model Contract Clauses (SCCs) and Binding Corporate Rules (BCRs)
Privacy by design advice
Ensuring data protection principles are designed into new business activities
from start to finish of a project:
- Considering GDPR principles at all development phases
- Providing data protection expertise from the outset
- Advising on a risk-based approach to the project
Data protection readiness
• Readying organisations for external data protection compliance by, for example:
- Financial Conduct Authority (financial services)
- Care Quality Commission (medical and healthcare)
- Ofsted and ISI (schools and education)
- Government Internal Audit Agency (government agencies)
- Commercial due diligence for M&A activity
BENEFITS OF THE SERVICE
WHO WE WORK WITH
We work with organisations in a wide variety of sectors, including:
Medical and
Healthcare
Software and
Technology
Retail and
eCommerce
Finance
and Insurance
Education, Schools
and Colleges
Charities and
Not-for-profit