The General Data Protection Regulation (EU) 2016/679, together with the new Data Protection Act 2018 (DPA 2018), forms part of the data protection regime in the UK. The changes introduced by this new regime mean that most organisations will need to review the processing of personal data and the associated controls.
How we can help
Our team of experienced GDPR experts can help your organisation, from assessing your GDPR compliance position and developing a remediation roadmap through to implementing a best-fit data compliance framework. Whether you are an SME, multinational, charity or public sector organisation, we can tailor our GDPR services to your individual needs.
Our GDPR services include:
- General Data Protection Consultancy
- Development of Policies and Procedures
- BS 10012 (Personal Information Management) Certification
- Data Protection Impact Assessments (DPIAs)
- GDPR & Data Protection Training Services
- Development, Issue and Review of Supplier (Processor) Security Questionnaires
- GDPR Gap Analysis
- Creating Records of Processing
- Development of Privacy Notices
- Supplier (Processor) Auditing
- Legitimate Interest Assessments (LIAs)
- GDPR Audits (which can be integrated with the client’s existing audit plans, e.g. ISO 27001)
GDPR Gap Analysis
Our knowledgeable data protection consultants have conducted an extensive number of GDPR Audits and Gap Assessments for our clients. The GDPR Audit / Gap Analysis would typically include:
- Submission of briefing notes and initial GDPR data capture document for the nominated representatives to complete prior to GDPR interviews;
- Undertaking GDPR interviews with key functional representatives, to establish existing processes, practices and controls in place for personal data and comparing these against the GDPR requirements, e.g. in relation to:
  - Data Protection Principles
  - Rights of Data Subjects
  - Controller & Processor Obligations
  - Transfer of data to third countries and/or international organisations -e.g.:
- Following the GDPR Gap Analysis interviews, we will produce a summary report, presentation of findings and recommendations as well as an associated GDPR Action Plan. A summary of the GDPR Gap Analysis findings and improvement recommendations will be presented to the senior management team upon completion.
Ongoing GDPR Support and Implementation
Upon completion of the GDPR Audit or Gap Analysis, Teamwork’s data protection consultants can provide ongoing support to assist your organisation in prioritising and implementing the improvement recommendations and creating any associated documentation. We can also integrate our GDPR support services with other compliance or certification requirements, e.g. ISO 27001, Cyber Essentials, Managed Compliance Services.
INTEGRATING GDPR WITH OTHER STANDARDS
Personal Information Management Systems
Are you considering implementing a GDPR Compliance Programme alongside other certification standards such as ISO 27701 (Privacy Certification) or ISO 27001 (Information Security)? Do you already have certification to other ISO Standards and want to integrate GDPR or Data Protection requirements with them? Teamwork IMS GDPR consultants specialise in this combined approach, that is, implementing Integrated Management Systems.
For organisations that need to achieve two or more standards, there are significant advantages in implementing these standards in parallel rather than taking a phased approach. In particular, the internal and external incremental costs can be significantly reduced. There are also significant resource economies to be achieved with projects addressing multiple standards, e.g. one gap analysis, one implementation programme, less potential for duplication and more effective integration of your management systems. Maintenance of an integrated management system is also more efficient in terms of audits, management review, documentation, and continued assessment.
PROTECTING THE PRIVACY OF YOUR DATA SUBJECTS
ISO 27701 Privacy Management Standard
ISO/IEC 27701 is a privacy extension to ISO/IEC 27001 Information Security Management and ISO/IEC 27002 Security Controls. The Standard provides a framework for ensuring the appropriate protection and management of personal information and assists in demonstrating an ongoing commitment to compliance with privacy regulations around the world, including GDPR.
Teamwork ISO 27701 / GDPR consultants will conduct reviews of your current level of compliance, including current data protection and information security policies, procedures and practices within your organisation and examine their effectiveness.
Teamwork can then help your organisation to implement an ISO 27701 compliant privacy information management system, ensuring the selection of adequate and proportionate data protection controls which support your organisation in protecting the privacy of existing and potential customers, staff and any other applicable data subjects.
OUR GDPR CONSULTANTS
Data Protection Specialists
Since 2007, Teamwork has been instilling absolute quality into the delivery processes of a huge range of organisations, from SMEs to large corporates. Our team of data protection professionals (including CISSP, PCI Security Standards Council QSA, MBCI, GDPR, IEMA, ESOS and CMIOSH qualified consultants) have developed and led UKAS accredited ISO and other standards-based service improvement programmes for private and public-sector organisations across the UK, EMEA, US and beyond, for businesses of 5 to over 20,000 people.
Our knowledge and experience across a broad base of management and technical Standards make us uniquely equipped to help organisations develop GDPR compliance programmes and integrate them with existing management systems to achieve all the associated economies and efficiencies in system design, implementation and maintenance.
This experience, and the huge success of both the project delivery and maintenance phases of our standards-based practices, has been firmly based on two key principles: the ability of Teamwork consultants to look beyond the standard or legislation in question and identify, define and align with the real business drivers of our customers, and our innate ability to become one with our customers’ own management teams.
Who have we helped with GDPR and Data Protection Compliance?
Our team of experienced GDPR & Data Protection consultants have helped an extensive array of organisations with their GDPR Compliance programmes as part of a standalone GDPR compliance project or alongside other ISO and information security standards such as Cyber Essentials and ISO 27001. These organisations range from SMEs to large corporates as well as public and charitable organisations. To see some of our GDPR & Data Protection clients, please visit our ‘Clients’ page.