The GDPR is a highly complex piece of legislation, and all businesses are required by law to prove their compliance with it. Many are unable to, however, and suffer the consequences when asked to demonstrate this. Examples include losing major contracts because they are unable to respond to due diligence requests in sufficient detail, or risking enforcement action from the ICO, such as fines or orders to stop processing.
A specialist GDPR consultant from PRIVACY HELPER could address all these issues without delay – therefore protecting your business from the pitfalls of non-compliance. Our experienced, highly qualified privacy team are able to quickly recognise the greatest processing risks to your business – and can implement practical and effective solutions to address these challenges – no matter how large or small your business is.
What to look for in a consultant
The market is full of people claiming to be “GDPR consultants” – so what should you look for when engaging? We look at several key features of a skilled GDPR consultant.
- They have a professional qualification. Our experienced consultants either hold recognised European Privacy qualifications or are studying for them.
- They have many years of experience in privacy.
- They have an in-depth knowledge of both the UK GDPR and the Data Protection Act 2018 – and can interpret the demands of these when speaking to business owners.
This is why you can be confident of trusting PRIVACY HELPER with your compliance programme – we have the most skilled, experienced consultants in-house so we can be sure of delivering the most professional service to our clients.
Contact us NOW to find out how our consultants can help your business navigate its GDPR compliance programme. Our experienced privacy consultants make even the most challenging privacy legislation easy to implement across your business:
GAP analysis
We conduct the most detailed GAP analysis. Leaving no stone unturned in our first audit of your business, we identify the processing activities in your business that fail to meet the demands of the GDPR.
From your client base, to your supply chain and wider business partners, all parties that your business shares personal data with are examined for their compliance with the legislation. In the instances where you are the data controller – and therefore liable by law – we explain the risk, the implications and how to address these.
Where you are the processor, we explain your alternative obligations in relation to your client or business associate, the data controller.
At the end of our GAP analysis, we provide you with a report detailing your processing activities split by department – and colour-coded Red, Amber, Green to highlight the critical risks through to the non-critical.
We deliver an Executive Summary for the Board to understand perfectly where their true business exposure lies – and how this can be addressed via an efficient and professional, yet affordable strategy.
Remediation
After we have completed and delivered our detailed GAP Analysis, our consultancy team will begin work on the remediation.
Every company needs some degree of remediation and our experts have the skills to implement this without delay, prioritising your greatest risks – whether this be your outbound marketing activity, your data transfer mechanisms, your data storage capabilities, or contractual failings.
Our Privacy Team will establish a working project plan for you – which will demonstrate to external parties (including the ICO, if required) that you have committed to a GDPR compliance programme to ensure your organisation embraces a “privacy by design” culture.
GDPR strategy implementation
Our experienced GDPR consultants will build a tailored privacy roadmap for your organisation – bespoke to you, the challenges you face and your risk appetite. This roadmap will recognise that GDPR is both a procedural project and one requiring cultural change – privacy must be embraced from the Post Room to the Board Room.
Projects will include:
- Assessing the legality of your data transfer mechanisms – both domestically and cross-border.
- Reviewing your data sharing contracts to ensure adequate data protection clauses are in place to reflect Controller to Controller, Controller to Processor and Processor to Sub-Processor relationships.
- Data Mapping – a full and clear understanding of the personal data flows into, around and out of your business is essential to complete your Records of Processing Activity (ROPA), under Article 30 of the GDPR. This may sound like a daunting task, but our consultants are experienced in approaching this in a logical way, allowing the business to be mapped out.
- Conducting DPIAs – where new or upgraded systems are being implemented, you are required by law to carry out a data privacy impact assessment to understand the potential risk to individuals by the new technology. Any risks will need to be addressed before the system goes live – and the consultant working with you will guide you through this.
- Drafting privacy notices, policies and documents that truly reflect the processing activities of your business. Under the GDPR, accountability is a key data protection principle and one of your greatest challenges will be to interpret your processing activities into these respective documents. Thankfully, our privacy consultants are experienced in policy writing and can handle this for you.
- Information Security – weak or inadequate data security measures to protect your personal data at rest will make it easy for hackers or other persons to gain unauthorised access to the personal data held by the business. With IT compromises being a major cause of data breaches, our IT specialists will ensure your systems offer an appropriate level of protection, based on the type of data held.
- Staff training – a significant proportion of data breaches are caused by staff who have received little or no data protection training. While we don’t expect your staff to become instant GDPR experts, basic regular training sessions relevant to their role in the business can help prevent careless errors in the way personal data is handled. PRIVACY HELPER’s own e-learning platform can address this instantly.
How much will it cost?
Like our ethos, our pricing structure is simple, straightforward and highly competitive. If you engage with us to provide guidance to your business, you only pay for the time we work!
For one-off engagements, we charge an hourly rate of £150. If you engage us as part of a longer-term support contract, our rates fall to between £150 and £125 per hour. This is highly competitive compared to other London GDPR consultancy services – why pay more for GDPR compliance if you still have access to the experts?
When on-site, our working day is 9am – 5pm. For site visits, reasonable subsistence expenses are charged; however, these are all agreed by you in advance. On large-scale projects, where our EU or Global work is required, fees are £250 per hour.
Our hourly rates mean you only pay for EXACTLY the time we need for the task – our hours are recorded on timesheets, so we are fully accountable for time vs tasks!
New Clients
If you are a new client, we require 25% of the engagement invoice to be paid at the time of booking. An invoice is raised at the end of every month to cover the work completed in that period (until the completion of the project).
We hope this gives clients the confidence to engage with us – proving that we’re committed to providing you with a first-class, professional data protection service and one that you will be confident to tell your business network about.
Existing Clients
We have a range of packages that make it easy for clients to work with us long-term – please ask for details.
Get in touch today to speak to our specialist consultants and let us take the worry out of your GDPR programme – it could be the best call you make today to give your business the confidence it needs to tackle this obstacle.