The GDPR is a highly complex piece of legislation that all businesses are required by law to prove their compliance with. Many are unable to, however, suffer the consequences when asked to demonstrate this. Examples include losing major contracts as they are unable to respond to due diligence requests in sufficient detail, or, risk enforcement action such as fines or orders to stop processing from the ICO.
A specialist GDPR consultant from PRIVACY HELPER could address all these issues without delay – therefore protecting your business from the pitfalls of non-compliance. Our experienced, highly qualified privacy team are able to quickly recognise the greatest processing risks to your business – and can implement practical and effective solutions to address these challenges – no matter how large or small your business is.
What to look for in a consultant
The market is full of people claiming to be “GDPR consultants” – so what should you look for when engaging? We look at several key features of a skilled GDPR consultant.
- They have a professional qualification. Many of our consultants have a recognised privacy qualification or are studying for one.
- They have many years of experience in privacy.
- They have an in-depth knowledge of both the UK GDPR and the Data Protection Act 2018 – and can interpret the demands of these when speaking to business owners.
This is why you can be confident of trusting PRIVACY HELPER with your compliance programme – we have the most skilled, experienced, consultants in-house so we can be sure of delivering the most professional service to our clients.
Contact us NOW to find out how our consultants can help your business navigate its GDPR compliance programme. Our experienced privacy consultants make even the most challenging privacy legislation easy to implement across your business:
GAP analysis
Leaving no stone un-turned in our first audit of your business, we quickly identify the processing activities in your business that fail to meet the demands of the GDPR.
From your client base, to your supply chain and wider business partners, all parties that your business shares personal data with are examined for their compliance with the legislation. In the instances where you are the data controller – and therefore liable by law – we explain the risk, the implications and how to address these.
Where you are the processor, we explain your alternative obligations in relation to your client or business associate, the data controller.
At the end of our GAP analysis, we provide you with a report detailing your processing activities split by department – and colour-coded Red, Amber, Green to highlight the critical risks through to the non-critical.
We deliver an Executive Summary for the Board to understand perfectly where their true business exposure lies – and how this can be addressed via an efficient and professional, yet affordable strategy.
Remediation
After we have completed and delivered our detailed GAP Analysis, our consultancy team will begin work on the remediation.
Every company needs some degree of remediation and our experts have the skills to implement this without delay by prioritising by your greatest risks – whether this be your outbound marketing activity, your data transfer mechanisms, your data storage capabilities, or contractual failings, or lack of staff training.
Our Privacy Team will establish a working project plan for you – which will demonstrate to external parties (including the ICO, if required) that you have committed to a GDPR compliance programme to ensure your organisation embraces a “privacy by design” culture.
GDPR strategy implementation
Our experienced GDPR consultants will build a tailored privacy roadmap for your organisation – bespoke to you, the challenges you face and your risk appetite. This roadmap will recognise that GDPR is both a procedural project and one requiring cultural change – privacy must be embraced from the Post Room to the Board Room.
Projects will include:
- Assessing the legality of your data transfer mechanisms – both domestically and cross-border.
- Reviewing your data sharing contracts to ensure adequate data protection clauses are in place to reflect Controller to Controller, Controller to Processor and Processor to Sub-Processor relationships.
- Data Mapping – a full and clear understanding of the personal data flows into, around and out of your business is essential to complete your Records of Processing Activity (ROPA), under Article 30 of the GDPR. This may sound like a daunting task, but our consultants are experienced in approaching this in a logical way, allowing the business to be mapped out.
- Conducting DPIA’s – where new, or upgraded systems are being implemented, you are required by law to carry out a data privacy impact assessment to understand the potential risk to individuals by the new technology.
- Any risks will need to be addressed before it goes live – and the consultant working with you will guide you through this.
- Drafting privacy notices, policies and documents that truly reflect the processing activities of your business. Under the GDPR, accountability is a key data protection principle and one of your greatest challenges will be to interpret your processing activities into these respective documents. Thankfully, our privacy consultants are experienced in policy writing and can handle this for you.
- Information Security – weak or inadequate data security measures to protect your personal data at rest will make it easy for hackers or other persons to gain unauthorised access to the personal data held by the business.
- With IT compromises being a major cause of data breaches, our IT specialists will ensure your systems offer an appropriate level of protection, based on the type of data held.
- Staff training – a significant proportion of data breaches are caused by staff who have received little or no data protection training. While we don’t expect your staff to become instant GDPR experts, basic regular training sessions relevant to their role in the business can help prevent careless errors in the way personal data is handled. PRIVACY HELPER’s own e-learning platform can address this instantly.
How much will it cost?
If you engage with us to provide guidance to your business, like our ethos, our pricing structure is simple, straightforward and highly competitive.
We charge £150 per hour. This is highly competitive compared to other London GDPR consultancy services – why pay more for GDPR compliance if you still have access to the experts?
Our hourly rates mean you only pay for EXACTLY the time we need for the task – our hours are recorded on timesheets, so we are fully accountable for time vs tasks!
Packages
We believe in making it easy for our clients to work with us and offer Remediation / Support / DPO Packages that align with your budget and risk appetite. have a range of packages that make it easy for clients to work with us long-term – please ask for details.
Get in touch today to speak to our expert consultants and let us take the worry out of your GDPR programme – it could be the best call you make today to give your business the confidence it needs to tackle this obstacle.
