It’s important to know what you’re going to get from engaging a Data Protection company.
The legislation is wide ranging and so it’s easy to find things that can be changed.
what you need to change
The important thing is for you to identify what you need to change. You need information, expertise and guidance, but the choice is yours. The Data Protection Act is principle based and not rules based. You have some freedom in how you apply it, but you also need to understand your responsibilities and make informed, risk-based decision. You remain accountable if things go wrong.
Organisation that process a lot of data for vulnerable people may need to have a much closer understanding of their processing than companies that don’t.
Either way, our process is the same. We talk to you to understand what your aims are or to guide a conversation in your organisation to establish them.
what you need to get there
Once you know what you want, we can look at what you need in order to get there. We’ll review the appropriate processes, procedures, governance and documentation and put together an action plan.
Our Data Protection Leads can help you with:
- Data Protection Impact Assessment (DPIA).
- Policy creation
- Process reviews
- Data Mapping
- Board Briefings
- Information Security Assessments
- Record of Processing Activity (ROPA) creation
- Subject Access Request (SAR) and Breach Process creation
- Understanding the effect of Data Protection on Marketing and Fundraising
- Record retention periods and disposal
With the remedial work done, you’ll still be left with the day to day management of Data Protection. New processes, projects, SARs and breaches affect all organisations.
With our Data Protection Office Service we can help reduce both risk and expense.
what we do
Protecture is a team of IT, Information Security and data protection experts who can provide planning, guidance and implementation of front line services and support to your organisation.