
DATA PROTECTION SERVICES

DPO AS A SUBSCRIPTION

The UK GDPR / GDPR introduces a duty for you to appoint a data protection officer (DPO) if you are a public authority or body, or if you carry out certain types of processing activities.

A DPO must be independent, an expert in data protection, adequately resourced, and report to the highest management level. Our subscription DPO service will assist an organisation with: 

  • When to report a breach to the ICO (regulator), your cyber insurance provider or PCI DSS (Payment Card Industry Security Standards Council)

  • Data protection risk management advice

  • Liaising with supervisory authorities as needed

PRIVACY GAP ANALYSIS

A gap analysis is a method of assessing compliance against the requirements of the Regulation. It'll help you identify and prioritise the areas that you should address.

GDPR GAP ANALYSIS

 

This service explores your business policies, processes, resources, governance and technology to identify areas of non-compliance.
 

> You will receive a comprehensive report showing your current level of compliance against the requirements of the GDPR.
 

> This service is perfect for organisations that are just getting started in their compliance journey.

PECR – GAP ANALYSIS SERVICE

 

PECR applies to virtually every UK organisation that undertakes regular marketing activities.

 

> Marketing by phone, email, text or fax

 

> Use of cookies or a similar technology on a website

 

> Compiling a telephone directory (or a similar public directory)

DATA ETHICS POLICY

Data ethics evaluates the moral problems related to data (including generation, recording, curation, processing, dissemination, sharing and use), algorithms (including artificial intelligence, artificial agents, machine learning and robots) and corresponding practices (including responsible innovation, programming, hacking and professional codes), to formulate and support morally good.

OTHER DATA POLICIES

Your organisation will have overlapping internal processes and policies that should be aligned with data policies. DSL can draft and assist your teams:

> Artificial Intelligence & IoT Ethics Policy – Are your policies accurate, and do they provide trust from consumers?

> Risk Assessments – How do you manage and control your risks?

> ESG (Environmental, Social and Governance) aligning with your Privacy Program: What are the purpose and values?

DATA PROTECTION AUDITING

DSL can be instructed to carry out a data protection audit. This is a means of assessing whether your organisation is complying with its data protection obligations and identifying data protection risks. We will provide recommendations for best practice.

OTHER DATA POLICIES

Your organisation will have overlapping internal processes and policies that should be aligned with data policies. DSL can draft and assist your teams:

> Monitoring services for existing privacy frameworks

> Annual GDPR Gap Assessment Audits

DATA IMPACT ASSESSMENT

There are several impact assessments your organisation may be required to do during the data lifecycle; DSL can assist your team with numerous data impact assessments:

LEGITIMATE INTEREST ASSESSMENT (LIA)

An LIA is required where the lawful basis being relied upon to process personal data is legitimate interests. An LIA is a form of risk assessment: a balancing assessment to understand whether the legitimate interest being relied upon outweighs the individual’s rights.

DATA PROTECTION IMPACT ASSESSMENT (DPIA)

This is ‘an assessment of the impact of the envisaged processing operations on the protection of personal data’. You must carry out a DPIA before you process personal data when the processing is likely to result in a high risk to the rights and freedoms of individuals.

DATA TRANSFER IMPACT ASSESSMENT (TIA)

 

The TIA is an analysis by a data controller or a data processor of the impact and security implications of a transfer to a country outside the EEA that does not benefit from an adequacy finding by the Commission. The obligation to perform a TIA stems from clause 14 of the new standard contractual clauses (SCC).

TRANSFER RISK ASSESSMENT (TRA)

 

The Schrems II judgment ruled that controllers intending to make a restricted transfer under Article 46 of UK GDPR / GDPR are required to carry out a TRA. The TRA ensures that, in the specific circumstances of your restricted transfer, the Article 46 transfer mechanism will provide appropriate safeguards, and effective and enforceable rights for people. The TRA is required regardless of whether you are relying on the International Data Transfer Agreement (IDTA), the international data transfer addendum to the European Commission’s standard contractual clauses for international data transfers (the Addendum) or Binding Corporate Rules (BCRs).

ARTIFICIAL INTELLIGENCE ALGORITHM IMPACT ASSESSMENT (AIAIA)

 

The EU Artificial Intelligence Act (AIA) has obligations for both AI providers and users (i.e., deployers) to assess the impact of AI to ensure a proportionate check-and-balance process. The UK government also has risk-based proposals and the ICO has guidance. See our AI compliance and Future Privacy Compliance.
