Data Protection Compliance Service
This package focuses on supporting businesses and organisations to understand and build Data Protection into their processes in a practical and accessible way.
GDPR compliance is an ongoing bespoke process that articulates the individual nature of each business. This process assesses all elements of your business structures, policies and procedures to articulate the good practice already existing and to build in further robust actions as required.
Outline of Process
- Scoping Meeting
- Assessment of current level of compliance
- Data Mapping Process
- Risk Assessment, including lawful bases consideration
- Document review and development
This service is suitable for organisations and businesses who require an in-depth data protection compliance programme.
Data Protection Policy and Procedure Document Review
from €595 + vat
This service is for organizations who require support in developing and writing up their data protection policies and procedures.
Package includes :
- 1 x consultation
- Review of existing documents
- Suite of GDPR compliant policies, procedure and related templates
Data Protection Impact Assessment Development
from €995 + vat
A DPIA (Data Protection Impact Assessment) is a process to identify, understand and document risks and benefits of new personal data processing. It is a legal requirement to conduct a DPIA where processing is likely to result in a high risk to the rights and freedoms of data subjects, and good practice to conduct one for all new personal data processing projects.
A DPIA does not have to be an onerous process, rather its purpose is to bring privacy into all considerations of a new project, in order to consider and identify in advance any risks to personal data and how they will be dealt with.
Risk analysis and mitigation is conducted throughout the process in the form of ongoing discussion and up to three 1-hour consultations, and the written DPIA report.
Due Diligence Package
from €495 + vat
The purpose of this process is to ensure that as a Data Controller you have assessed the Data Protection understanding and standards of any third parties that you are engaging.
It is a legal requirement to have a Data Processor Agreement with any Third Parties who are processing personal data on your instruction. A thorough Due Diligence process enables you to understand areas of liability and how these will be dealt with by both parties, as well as defining and clearly articulating each parties’ responsibilities.
Package includes:
- 1 x initial consultation
- Editable Due diligence Template that can be sent to third parties
- Data Processor Agreement Guidance
- Review of completed templates and feedback
Website Privacy and Cookie Notice Compliance
from €495 + vat
From 6th Oct, the DPC are going to be auditing websites to ensure that cookie banners, cookie notices and privacy notices are all compliant with Data Protection law and this new guidance. The DPC expect a move away from generic documents to ones that are bespoke to your business.
Package includes :
- 1 x initial consultation
- Editable website review document that can be sent to website developer
- Cookie audit template
- Review or development of privacy notice and cookie notice
- Data Processor Agreement Guidance
Training Sessions
Research has consistently found that the best investment in data protection is ongoing and bespoke staff training. Personal data processing in about people, done by people and most at risk by people through poor practice and bad actors.
Bespoke Training Sessions include :
- Staff induction
- GDPR Overview
- How to develop a DPIA
- Marketing and GDPR
- Social Media and GDPR