- Risk, Data Protection and GDPR
- Data Processor Agreement
-
A data processor is any organisation or body that processes personal data at your request and on your behalf. It is a legal requirement to have a Data Processor Agreement with any Third Parties who are processing personal data on your instruction. A thorough Due Diligence process before engaging a Data Processor enables you to understand areas of liability and how these will be dealt with by both parties, as well as defining and clearly articulating each parties’ responsibilities. The document below forms part of a thorough due diligence assessment process. – Third Party Due Diligence Assessment
-
This GDPR New Business package is offered to provide resources and documents needed as a starting point in their GDPR journey. The Start-up Package includes:
- Data Mapping Resources: to assist developing Records of Processing Activities (RoPAs)
- Suite of Policies and Procedures: Organisational Data Protection Policy and related Data Subject Access Request, Data Breach Notification, and Erasure and Rectification Procedures
- Draft Website Privacy and Cookie Notices: Compliant sample Privacy and Cookie Notices that can be adapted for your business
Disclaimer: The documents are suitable for sole-traders or small businesses engaging in low risk personal data processing who do not require a DPO.
-
A data map is exactly what it sounds like; it is a way to document the personal data in your organisation so that you understand it better. It clarifies what information you hold and where. There is a legal obligation to document certain processing activities in Records of Processing Activities (RoPAs) unless you fall under one of the exceptions outlined in Article 30 GDPR. The resources below will assist you in your data mapping process.
- Excel template
- Video Tutorial
- E-book: “First Steps in Data Mapping”
-
This is a Data Protection Consultation via a Zoom call to discuss your business needs and share some of our specialist knowledge and expertise to guide you. As a consultancy, we wish to understand your business and business goals and how we can work together to support your data protection needs. We cannot quote effectively until we have had this conversation. If you do work with us, this fee will be taken off your project fee. There is no obligation to work with us. Before booking this consultation, you may wish to consult the Resources section and see if any of the Resources provided can assist you.
-
- Sample GDPR Compliant Privacy Notice
- Sample GDPR Compliant Cookie Notice
-
These policy and procedure templates are suitable for organisations with low-risk data processing and who do not require a DPA. They are designed to set out the compliance requirements of GDPR in straightforward and manageable way. The documents can be edited to suit your business and come with accompanying templates for monitoring your data protection processes.
-
These documents will form the basis of a review of the personal data processing on your website as well as the use of any cookies that are set and provides sample Privacy and Cookie Notices that can be tailored to develop bespoke and accurate notices for your website.
- Website and Cookie review Document
- Sample GDPR Compliant Privacy Notice
- Sample GDPR Compliant Cookie Notice
- Excel Template for Cookie Audit