We have worked in the data industry for over 15 years and, as a result, we as an organisation have had a “Privacy by Design” approach to business from the very beginning. In 2012, our company was itself the subject of a data breach. As a result of our team approach, however, we were able to detect this breach and provide information to the police that, 4 years later, resulted in suspended custodial sentences.
As an organisation, we have spoken in public about this approach to privacy, now highlighted in the recent General Data Protection Regulation (GDPR), most recently at “GDPR in the Public Sector” and “GDPR in the Private Sector”, both hosted by Salford University at Old Trafford in Manchester. We also moderated the recent GDPR Summit in London.
We help a number of organisations to drive awareness within their business that the law is changing, to put data privacy at the heart of their enterprise and to create a “Privacy by Design” approach.
Over 5 days, we take time to sit with members of the management team and those individuals responsible for processing personally identifiable information on a day-to-day basis across all departments, from Finance to Sales and Marketing. This understanding helps us demonstrate a thorough process and a professional approach to “Privacy by Design”.
During and shortly following this period, you can expect to receive from us a data-flow analysis, a gap analysis in the form of a checklist of tasks to be carried out, and team training that will help you establish a “Privacy by Design” approach to business, which will help you:
- Create an information audit to map data flows
- Document what personal data you hold, where it came from, who you share it with and what you do with it
- Identify your lawful basis for processing
- Establish how you ask for and record consent (if applicable)
- Identify what systems you use to record and manage consent (if applicable)
- Register with the Information Commissioner's Office
- Create privacy notices
- Respond to Subject Access requests
- Create a process to allow subjects to update, rectify or delete the information you hold on them
- Establish an appropriate Data Protection Policy based on a “Privacy by Design” approach
- Manage and maintain data processor contracts
- Manage information risks (DPIAs)
- Nominate a Data Protection Officer (if applicable)
- Identify a data breach and understand how (when applicable) you would inform the ICO and/or the subjects affected