Data Protection

Managing Personal Data

Managing personal data is an essential part of trusted business operations. Good data hygiene and an understanding of the importance of data management underpins legally compliant commercial strategies.

Under the General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 every organisation has a legal responsibility to process personal information fairly and responsibly.

We offer a range of services to help organisations with their data protection responsibilities so that data is managed legally, safely and strategically. Our services include:

Wesley Tingey on Unsplash

Get in touch

Do you need support with your data protection requirements?

Get in touch to ensure your organisation’s data is managed legally and strategically – partner with us for expert data protection services today.

In-House Data Protection Training

We offer in-house data protection training to help you up-skill your staff, build their confidence and support them to deliver an effective and improved service. We can offer our full selection of CPD UK accredited training courses online, face-to-face or hybrid. We can also customise training to support the operational work prioritised by your organisation.

The benefits of in-house training include:

Cost effective training to support up to 25 participants
Ability for staff to discuss organisational specific issues
Q&A opportunities with the subject specialist trainer throughout the day
Small group discussion work
Comprehensive handouts to accompany the training
Learning at a pace to suit everyone
Networking opportunities in breaks
Dynamic and participant focussed training
CPD accredited points bearing
Certificate of completion and digital badge

Our programme will use scenarios that your staff encounter day-to-day to build their knowledge and skills while guaranteeing organisational compliance. Our experienced data protection team will guide and advise on processes, procedures, and the most appropriate responses to complex enquiries.

Data Protection Audits

We gauge your organisation’s data protection compliance which will help ensure efficiency in terms of your management of rights and data.

Our audits are presented as a final report including validation of good practice, prioritisation and recommended actions to ensure that your organisation has the confidence that it can achieve compliance. 

Data Protection Contracts and Suppliers Audits

Due diligence on suppliers is crucial from a data protection perspective. Suppliers pose a bigger risk in terms of their maturity from a data protection perspective and are often a key factor in data breaches. Ensuring due diligence on suppliers both prior to the contract signing but also during the term can ensure your organisation is protecting itself and its data.

NHS Data Security and Protection Toolkit (DSPT) Audit

All organisations that have access to NHS patient data and systems must use the DSPT toolkit to provide assurance that they are practising good data security and that personal information is handled correctly. This is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards. Requirement 9.4.5 requires organisations to have completed an independent audit of its Data Security and Protection Toolkit submission and report the results to its Board.

Naomi Korn Associates Team have extensive experience in the NHS and Social Care sectors including completing many submissions of the DSPT. Our expert team can audit your organisation’s submission providing this essential evidence for the requirement.

Our Data Protection Audits include:
Risk audits and data protection governance structure reviews
Data protection compliance assessments
Staff interviews and documentation reviews
Evaluation of the management of data subject rights
Contract and data sharing reviews
Policy and procedure review
Provision of staff training and awareness raising activities in data protection
Essential cyber security measures
Privacy statements and ROPA reviews

AI Privacy, Ethics, and Data Security Assessment

In the rapidly evolving landscape of artificial intelligence (AI), ensuring the privacy, ethical use, and security of data is paramount. Our AI Privacy, Ethics, and Data Security Assessment service is designed to help organisations navigate these complex areas, ensuring compliance and fostering trust.

Our comprehensive assessment includes:

Privacy Impact Assessments (PIAs): Evaluating the potential privacy risks associated with AI systems and recommending mitigation strategies.
Supplier Security Checks: Conducting due diligence to identify and address issues.
Transparency and Accountability: Establishing mechanisms for transparency and accountability in AI operations.
Stakeholder Training: Providing training and resources to stakeholders on AI ethics, privacy, and data security.

For more information contact us or email info@naomikorn.com.

Wesley Tingey on Unsplash

Policies & Procedures

We specialise in the checking, creation and implementation of policies and procedures that will help your organisation adhere to its legal obligations regarding data protection and ensure consistent best practices.

Our services include:
Data protection policies
Appropriate policy documents
Data handling and data hygiene policies
Data protection impact assessment policies and procedures
Data subject rights and sharing policies
Risk management policies and procedures
Data breach policies and procedures
Review and amendments of existing policy frameworks
Records management policies including retention schedules

Documentation & Systems

Our team will provide advice on the documentation and systems required for data protection compliance. We can help create the documentation and systems that work alongside policies and procedures to ensure consistent best practice regarding data protection.

Our services can include the following:
Privacy notice creation or review
Data Subject Access Request (DSAR) templates
Records of Processing (ROPA) template and guidance
Information Asset Register (IAR) template and guidance
Data breach recording templates and guidance
Data rights request recording templates and guidance
Consent and permissions forms
Digital Asset Management Systems (DAMS) advice and support
Collection management systems advice and support

Strategic Development

Our team has unrivalled experience supporting the research and data communities in national and international initiatives. We have developed tools, research papers and resources focused on the interplay between research, data management and information law issues as well as licensing practices.

We provide expert advice on the relationship of privacy rights within the context of the use of technology, data management and data exploitation within all aspects of the research lifecycle for the research, education, culture, heritage, libraries and information sectors.

We can help with the following:
Analysis, research, case study work and report drafting
Risk register reviews and risk audits
Staff consultations and organisational reviews
Training needs review and recommendations
National and international policy development work
Governmental policy lobbying
National and international training initiatives
Strategy and business planning

Freedom of Information (FOI) / Information Assurance / Governance Officer

We will undertake the FOI officer role for you. Our team is comprised of qualified staff who have experience in a range of public and private sector organisations. This service can be purchased for one, or shared across several, organisations.

Our support includes the following:
Recording and acknowledging requests
Guidance on applicability of exemptions/exceptions
Handling complaints and internal reviews
Reporting of compliance statistics

FOI policies and procedures

We specialise in the checking, creation and implementation of policies and procedures that help organisations adhere to their legal obligations. We’ll provide the following policies and procedures, as appropriate:

Out-Sourced DPO / Data Protection Lead

Data protection legislation means many organisations are required to employ a Data Protection Officer (DPO). Even organisations who are not required to appoint a DPO, there still needs to be an individual who leads on data protection to ensure ongoing compliance with the legislation. The role of a DPO, or Data Protection Lead, is to ensure that the processing of personal data adheres to the principles set out in the law.

Recruiting a qualified DPO, or finding a suitably experienced Data Protection Lead, is extremely competitive and time consuming. However, these roles can be outsourced, and the organisation would still be complying with data protection law.

Our experienced data protection team will undertake the DPO or Data Protection Lead role for you. This service can be purchased for one, or shared across several, organisations. We can also offer more flexible support for organisations who are looking for some additional capacity and support for an in-house DPO or Data Protection Lead.

Our DPO/Data Protection Lead Support Service includes:
Access to a confidential email enquiry ‘help desk’
Access to our comprehensive suite of data protection resources and templates
Data Subject Access Requests (DSARs) support
Drafting data protection contracts and clauses
Record of Processing Activities (ROPAs)
Data breach reporting and management
Direct liaison with the Information Commissioner’s Office (ICO), the UK’s regulatory body
Support completing Data Protection Impact Assessments (DPIAs), management of ongoing DPIAs and data processor due diligence
Support developing data protection policies and procedures
Training and communications for relevant stakeholders
Data Protection Audits

Retained support services

We can provide you with regular, cost effective copyright, data protection and licensing support through our retained support services.
Contact us to find out more.

Naomi Korn