Data now competes with oil as the world’s most valuable resource, and its misuse in the last decade by large operators such as Facebook has prompted regulators to step in to restrain those who control its flow.
report that GDPR has improved the management of customer data
of data breaches reported were a result of human error
reported that GDPR has encouraged new innovative uses of data
¹ Research by RSM of 967 European businesses who have engaged with the European Business Awards. The majority of businesses surveyed were European middle-market businesses with a turnover of less than €100m. The sample included businesses from 34 countries.
² ICO: 11499 personal data breach incidents reported between 1st January and 31st December 2020
Your obligations may differ depending on the size, type & turnover of your company. There are also some additional obligations where you have 250 employees or over.
Understanding if you need a DPO or to be registered can be tricky using the ICO self-assessment tool. This isn’t something your business can afford to get wrong. We provide you with 1 valuable tip to use.
When taking these self-assessments think about 4 areas
The General Data Protection Regulation is a framework to protect an Individual’s personal data.
Its aim is to simplify the regulatory environment and make it easier for individuals to have control of their own data. It also aids the free flow of data throughout Europe.
However, some things have changed: the United Kingdom left Europe.
UK GDPR became effective on the 1st of January 2021 and, together with the Data Protection Act 2018, is now the UK's primary legislation for companies that process UK individuals’ personal data.
A DPO can be an external resource or an employee. They assist you to monitor internal compliance, and they inform and advise on your company data protection obligations. They also act as the main focal point for the ICO when communicating with your business.
It may not be clear at the outset if a company needs a DPO, GDPR Business Support, or both. Depending on the type & scale of data a company processes, it may have a duty to appoint a DPO.
Data Protection Impact Assessments are an essential tool in the sales pipeline. If your company uses an internal or external data storage system and uses software applications that process personal data, completing these risk assessments is vital. Human behaviors are often overlooked in systems impact assessments; however, the majority of data breaches are a result of them. Do you need to identify the risks? We take away the pain of completing a DPIA and we make sense of the complexity.
If you work with sensitive or special category data you have a legal obligation to carry out a DPIA under the UK GDPR.
We help you mitigate the risks and plan ahead to keep your projects moving forward.
IMPACT® can support your organisation, make GDPR easy to understand, and provide the tools for your employees to ensure compliance for each development or change to systems, products, or service.
IMPACT® training can be delivered either virtually or face to face depending on your requirements and you can expect the training to last approximately 4.5 hours.
There are lots of systems out there that claim to manage data mapping and ROPA (Record of Processing Activities). However, data mapping will only be successful in your business if you can align it with your existing business processes.
Knowing when you need a DPIA can be difficult. We provide external support in completing Data Protection Impact Assessments for your company. Get in touch if you are introducing something new or making changes in your workplace.
We offer an experienced redaction service. We can also review and make recommendations on exemptions that need to be considered when dealing with a subject access request.
We know every company is different and requires a focus on a variety of processes. We therefore offer support on a per-hour basis for everything from data mapping to creating risk registers.
We provide a range of audits to suit your size and type of business, which will help you with compliance. We offer gap analysis, mock inspections & full audits.
Meeting deadlines & keeping costs down when it comes to Subject Access Requests can be difficult. For large & small companies we bring practical experience & knowledge to manage this process effectively. We work alongside legal counsel, DPOs & business owners, giving them insight and support.
UK GDPR certification applies only to data controllers and processors and cannot be used to certify individuals, for example Data Protection Officers.
There are currently no approved certification criteria or accredited certification bodies for issuing UK GDPR certificates. However, the ICO encourages the use of data protection certification mechanisms as a means to enhance transparency and compliance.
If applying for UK GDPR certification the criteria must be able to be applied to a product, process, or service to be suitable for use under ISO 17065 as this is the standard that certification bodies will be accredited against to issue UK GDPR certification.
Here's a guide to help you comply with data protection laws for domestic video surveillance
Did you make this same mistake on the self-assessment portal? Here are the common mistakes people make when carrying out the self-assessment.
The transition period for implementing the standards is almost at an end.
Susan helped our company get up to speed with GDPR compliance in a no-nonsense and practical manner. Not only did Susan take the time to simplify all the regulations so that we could apply them to our business, but she was also really friendly, approachable, and cost-effective. Susan always responds to our queries promptly and efficiently. We have been delighted with the service provided and will continue to use these services on a long-term basis.
Louise Martin - Founder & Director of RigRun
I’ve known Susan for a few years and her advice and recommendations for GDPR business support are excellent.
I am a small business owner and Susan has helped to ensure that my business complies with GDPR and I keep on top of any changes. When I started my business, I had never heard of ICO (Information Commissioner’s Office) and didn’t realise that I needed to register the business to ensure I was handling my data and my client’s data correctly.
Nicky Carnie HR MSc, MCIPD - Qualified ILM Coach & Colour Profiling Specialist: Insights/ C-me
I have had the pleasure of knowing and working with Susan in various capacities over 25 years.
Susan is a system expert and process guru with a firm grasp of the GDPR guidelines and laws.
Therefore it was without hesitation that we asked Susan to review and update our processes, GDPR policies and Privacy Statement to make sure they were robust and current.
I would recommend Susan without hesitation to Clients and Associates.
Brett Jackson - Founder and Managing Director Granite PR