Data Protection
Managing data
Managing data is an essential part of trusted business operations. Good data hygiene and an understanding of the importance of data management underpin legally compliant commercial strategies.
Under the General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 every organisation has a legal responsibility to process personal information fairly and responsibly.
We offer a range of services to help organisations with their data protection responsibilities so that data is managed legally, safely and strategically. We provide operational tools and templates, jargon-free advice and practical training to ensure organisations comply with data protection on a day-to-day basis.
Data Protection Officer, retainer service
Data protection legislation means many organisations are required to employ a Data Protection Officer (DPO). The role of a DPO is to ensure that the processing of personal data adheres to the principles set out in the law. Recruiting a qualified Data Protection Officer is extremely competitive and time-consuming.
Our experienced data protection team will undertake the DPO role for you. This service can be purchased for one, or shared across several, organisations. It includes:
- Access to a confidential email enquiry ‘help desk’
- Access to our comprehensive suite of data protection resources and templates
- Data Subject Access Requests (DSARs) support
- Drafting data protection contracts and clauses
- Record of Processing Activities (ROPAs)
- Data breach reporting and management
- Direct liaison with the Information Commissioner’s Office (ICO), the UK’s regulatory body
- Support completing Data Protection Impact Assessments (DPIAs) and management of ongoing DPIAs
- Support developing data protection policies and procedures
- Training and communications for relevant stakeholders
Training and mentoring programme
We offer a bespoke data protection development and mentorship programme to help upskill your staff, build their confidence, and support them to deliver an effective and improved service. The programme is customised to support the operational work prioritised by your organisation.
The programme is delivered remotely over several months. It includes regular video call sessions, feedback and support on work and provision of high-quality reading/training materials. Topics covered by this programme include (but are not limited to):
- Requirements of a privacy notice
- Special category and criminal convictions data
- Data subject rights
- Information sharing agreements
- Understanding Data Mapping/ROPA
- Consent requirements and challenges
- Age and capacity issues
- Legitimate Interest Assessment (LIA) and balancing tests
Our programme will use scenarios that your staff encounter day-to-day to build their knowledge and skills while guaranteeing organisational compliance. Our experienced data protection team will guide and advise on processes, procedures, and the most appropriate responses to complex enquiries.
Health checks and audits
We gauge your organisation’s readiness to fulfil its data protection compliance obligations, which will help ensure that you manage rights and data efficiently. We have developed a bespoke tool that uses the Information Commissioner’s Office (ICO) Accountability Framework to give your organisation a clear indication of its current compliance and of the areas and actions that need development.
Our health checks and audits include:
- Risk audits
- Data protection compliance assessments
- Staff interviews and documentation reviews
- Board level reporting
- Recommendations and next steps
Policies and procedures
We specialise in the checking, creation and implementation of policies and procedures that will help your organisation adhere to its legal obligations regarding data protection and ensure consistent best practices. Our services include:
- Data protection policies
- Appropriate policy documents
- Data handling and data hygiene policies
- Data protection impact assessment policies and procedures
- Data subject rights and sharing policies
- Risk management policies and procedures
- Data breach policies and procedures
- Review and amendments of existing policy frameworks
- Records management policies including retention schedules
Documentation and systems
Our team will provide advice on the documentation and systems required for data protection compliance. We help create the documentation and systems that work alongside policies and procedures to ensure consistent best practice regarding data protection, including:
- Privacy notices
- Data Subject Access Request (DSAR) templates
- Records of Processing (ROPA) template and guidance
- Information Asset Register (IAR) template and guidance
- Data breach recording templates and guidance
- Data rights request recording templates and guidance
- Consent and permissions forms
- Digital Asset Management Systems (DAMS) advice and support
- Collection management systems advice and support
Strategic development
Our team has unrivalled experience supporting the research and data communities in national and international initiatives. We have developed tools, research papers and resources focused on the interplay between research, data management and information law issues as well as licensing practices.
We provide expert advice on the relationship of privacy rights within the context of the use of technology, data management and data exploitation within all aspects of the research lifecycle for the research, education, culture, heritage, libraries and information sectors. This service includes:
- Analysis, research, case study work and report drafting
- Risk register reviews and risk audits
- Staff consultations and organisational reviews
- Training needs review and recommendations
- National and international policy development work
- Governmental policy lobbying
- National and international training initiatives
- Strategy and business planning
Freedom of Information (FOI) Information Assurance / Governance Officer
We will undertake the FOI officer role for you. Our team is comprised of qualified staff who have experience in a range of public and private sector organisations. This service can be purchased for one, or shared across several, organisations. It includes:
- Recording and acknowledging requests
- Guidance on applicability of exemptions/exceptions
- Handling complaints and internal reviews
- Reporting of compliance statistics
FOI policies and procedures
We specialise in the checking, creation and implementation of policies and procedures that help organisations adhere to their legal obligations. We’ll provide the following policies and procedures, as appropriate:
- Freedom of Information (FOI)
- Publication scheme
- Disclosure log development
- Environmental Information Regulations
- Records Management including Retention Schedules
Regular support services
We can provide you with regular, cost-effective copyright, data protection and licensing support through our Regular Support.
Contact us to find out more.
Naomi Korn