GDPR and Data Protection Officer Solutions

We deal with personal data and offer a range of digital tools, briefing, training and awareness sessions, audits and Data Protection Officer services.

ABOUT US

We provide GDPR and Data Protection Officer Solutions

Equinoxx has a proven track record of working successfully with organisations of any size and can advise and bring together all the functions of the business to ensure overall and ongoing UK GDPR compliance.

To help organisations achieve ongoing compliance and privacy by design, and to embed this cultural shift in how everyone, from the board down and throughout the organisation, views and deals with personal data, Equinoxx offers a range of digital tools, briefing, training and awareness sessions, audits and Data Protection Officer services.

"There is no silver bullet to ensure GDPR compliance, but arguably the biggest change is around accountability. The new legislation creates an onus on companies to understand the risks that they create for others, and to mitigate those risks. It’s about moving away from seeing the law as a box ticking exercise, and instead to work on a framework that can be used to build a culture of privacy that pervades an entire organisation"
Elizabeth Denham, the UK’s Former Information Commissioner.

GDPR SERVICES

Board Briefing Session

A two-hour session covering the basic principles of the UK GDPR in terms of the risks, penalties and data subject rights, including a cyber threat overview. This ensures the organisation sets the tone from the top down.

Staff Training & Awareness

Sessions delivered to all staff to evidence that they have been briefed on the Regulation and have an understanding of it and, where necessary, the correct knowledge and training. This will need to be evidenced and shown as part of the organisation’s ongoing training policy. It is a vital part of the cultural shift in a business, as it enables every employee to understand the "why".

UK GDPR e-Learning

A 45-minute online course that includes knowledge checks and a final test. The certificate is valid for 2 years.

Achieving Compliance

Audit of processes and procedures

This identifies the organisation’s current position in terms of compliance and produces a remediation/action plan.

Data mapping and Record of Processing Activities

A data inventory and data flow map of your company’s personal data, which plots data in all of its forms, origins, paths, exit points and storage locations. It gives an indication of where personal data exists in your network infrastructure and devices (servers, endpoints and protocols) and at all data exit points, including firewalls, printers and endpoints where sensitive information can be copied to portable media.

Data Protection Impact Assessments

Understanding how and when to use a DPIA, and its use as a risk assessment tool.

Policy and Procedural Templates

To ensure the necessary documentation and evidence of compliance.

DPO requirement

To understand whether a DPO is required and how they need to work in terms of access, workload, and internal and external contacts.

Risk assessments

To understand what level of risk personal data is exposed to and to mitigate those risks, if needed.

CONTINUED COMPLIANCE

Organisational Audit

An audit that can be carried out annually. It measures an organisation’s current situation in terms of compliance and helps to ensure that the UK GDPR has not been treated as a one-off box ticking exercise, and that ongoing continuous improvement, measurement and analysis are taking place. This one-day audit takes a comprehensive look at all aspects of the UK GDPR and the current processes, procedures and policies that have been adopted and used within the organisation. It ensures that compliance is being applied and that unforeseen risks are being identified and managed accordingly. The DPO audit team will examine documentation, review organisational processes and conduct key staff meetings where applicable.

Outsourced Data Protection Officer Services

Given the evolving nature of the UK GDPR and the complexity of its interpretation, many businesses would not have the immediate resource to undertake the Data Protection Officer role effectively. Consider, for example, whether your organisation would be able to:

  • Recognise and handle a Data Subject Access Request (DSAR)?
  • Report a notifiable data breach to the ICO within 72 hours, and understand the process involved?
  • Conduct and implement a Data Protection Impact Assessment?
  • Dedicate the ongoing time required to remain compliant alongside the day job, without a conflict of interest?

The GDPR introduces a duty for you to appoint a data protection officer (DPO) if you are a public authority or body, or if you carry out certain types of processing activities. DPOs assist you to monitor internal compliance, inform and advise on your data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the supervisory authority. The DPO must be independent, an expert in data protection, adequately resourced, and must report to the highest management level.
Information Commissioner's Office

OUTSOURCED DPO

DPOs can help you demonstrate compliance and are part of the enhanced focus on accountability.

OUR PACKAGES

DPO Core

Assigned virtual DPO - 4 hours per month to include:

  • Named independent Data Protection Officer
  • Updates on Data Protection law, ICO guidance and ad hoc alerts
  • Advice on Data Protection Impact Assessments
  • Advice on Information Security Management Systems (ISO 27001)
  • Advice on Data Subject Access Requests
  • Policies and procedures - complete documentation toolkit
  • Data breach reporting advice and liaison with ICO
  • Data protection risk register
  • Staff awareness training
  • Data breach management
  • Complete audit on systems and processes
  • Annual board brief on organisational compliance

DPO Plus

Assigned virtual DPO - 7 hours per month to include:

  • Named independent Data Protection Officer
  • Updates on Data Protection law, ICO guidance and ad hoc alerts
  • Advice on Data Protection Impact Assessments
  • Advice on Information Security Management Systems (ISO 27001)
  • Advice on Data Subject Access Requests
  • Policies and procedures - complete documentation toolkit
  • Data breach reporting advice and liaison with ICO
  • Data protection risk register
  • Staff awareness training
  • Data breach management
  • Complete audit on systems and processes
  • Annual board brief on organisational compliance

DPO Pro

Assigned virtual DPO - 10 hours per month to include:

  • Named independent Data Protection Officer
  • Updates on Data Protection law, ICO guidance and ad hoc alerts
  • Advice on Data Protection Impact Assessments
  • Advice on Information Security Management Systems (ISO 27001)
  • Advice on Data Subject Access Requests
  • Policies and procedures - complete documentation toolkit
  • Data breach reporting advice and liaison with ICO
  • Data protection risk register
  • Staff awareness training
  • Data breach management
  • Complete audit on systems and processes
  • Annual board brief on organisational compliance

All contracts are subject to a minimum 12-month term, with a 10% discount offered on 24-month contracts.

Assigned Virtual DPO

Subscribing to one of Equinoxx's virtual DPOs gives you monthly access to an accredited UK GDPR Practitioner via online meeting, telephone or email, providing expert guidance and advice on data protection and UK GDPR related questions within your business through a cost-effective managed service.

Named DPO

Named independent Data Protection Officer

The DPO is required to have access to all areas of an organisation without a conflict of interest (Article 38(6)), to work independently without instruction (Article 38(3)), and will need detailed expertise in UK data protection legislation to fulfil the role. When you engage the Equinoxx outsourced DPO service, we will assign you a specific UK GDPR practitioner, who will work closely with your organisation to monitor, inform and advise on ongoing UK GDPR compliance.

DPIAs

Conducting and advising on Data Protection Impact Assessments

The UK GDPR requires that “the controller shall seek out the advice of a Data Protection Officer, where designated, when carrying out a Data Protection Impact Assessment” (Article 35). When an organisation identifies the requirement for a DPIA, for example when looking to implement a new project or initiative, the Equinoxx DPO will consult on the assessment in line with the regulation.

Updates

Updates on data protection law, ICO guidance and ad hoc alerts

As emerging case law further defines the interpretation and application of the UK GDPR, the regulation itself will be subject to change as it is interpreted and as derogations are set and amended in different member states (Articles 85-91). Ensure that your organisation is kept up to date with the ever-changing UK GDPR landscape via Equinoxx notifications.

Onsite Audit

Complete onsite audit on systems and processes

Depending on your service plan, Equinoxx will conduct onsite audits at regular intervals to ensure that compliance is being applied and that unforeseen risks are identified and managed accordingly. The Data Protection Officer audit team will examine documentation, review organisational processes and conduct key staff meetings where applicable (up to 8 hours is required for the audit; these can be delivered as four weekly 2-hour sessions).

DSARs Advice

Advice on Data Subject Access Requests

DSARs reach organisations in a variety of guises: for example, a disgruntled ex-employee wanting their personnel records, a competitor wishing to disrupt operations, or simply a customer enquiring what personal data you hold. The Equinoxx Data Services Data Protection Officer will advise on how to handle DSARs, covering areas such as:

  • Securely identifying and corresponding with the data subject
  • Collecting the appropriate data
  • Identifying the data appropriate to the data subject’s request
  • Managing correspondence with the data subject
  • Preparing and redacting the documents for delivery to the data subject

Staff Awareness Training

All new or existing staff can be your greatest asset; however, they can also be your greatest risk because of the personal data they will encounter in the course of their duties. Equinoxx provides expert education and awareness sessions on the evolving regulations (frequency based on your service plan) to ensure that all staff are trained to identify personal data within their remits and to follow the organisational processes required to be compliant with the GDPR (1-hour session for up to 30 staff).

Data Breach Advice

Data breach reporting advice and liaison with the ICO

The initial challenge organisations face is determining how to proceed when a breach has occurred. Under the UK GDPR, you have 72 hours to notify the ICO once you have discovered a breach; however, not all breaches are notifiable, since those unlikely to affect the rights and freedoms of individuals do not need to be reported, and deciding whether this is the case is a significant challenge without expert knowledge and support. Your Equinoxx Data Protection Officer (DPO) will advise and guide you in determining the circumstances surrounding the breach and whether the ICO needs to be notified. Our UK GDPR practitioners will act as your organisation’s main point of contact with the supervisory authority and with data subjects, who also need to be contacted directly, without undue delay, when a “high risk” breach occurs.

Data breach onsite management

During a breach investigation, the source and nature of the breach may not be immediately apparent, and the investigation can therefore grow in complexity within a short time frame. The DPO will make the necessary site visits to conduct further investigation and to guide the organisation through this turbulent period. We will help you understand the nature of the incident in relation to the regulation and the required communication with both internal and external parties, and provide clarity on the action required to recover from a breach.

Data protection risk register

Identifying, managing and ultimately reducing risk is a key component of an organisation’s compliance. The DPO will consult with your organisation to compile a centralised register of data protection and privacy risks, scoring those risks appropriately according to the organisational risk appetite and recording the resulting action required to resolve them, as part of a wider compliance framework.

Annual board brief

Annual board brief on organisational compliance

The UK GDPR holds those at the top of an organisation responsible for its compliance through proper governance. At worst, a non-compliant organisation could be subject to significant fines of up to 4% of global turnover or £17.5 million, whichever is greater; it may also suffer organisational sanctions and the resulting reputational damage, which can be crippling.

Equinoxx will provide a comprehensive onsite board brief on your UK GDPR compliance status. The brief will highlight the current risks involved and the importance of good governance in UK GDPR compliance, which will ultimately help enhance the organisation’s public image and instil confidence that consumers' data is being handled appropriately.

ISO 27001

Information Security Management System

Following Russia’s invasion of Ukraine, the National Cyber Security Centre is calling on UK organisations to strengthen their online defences. Organisations should review their cyber security defences and take actions to improve their resilience in this time when the cyber threat is heightened.

The ISO 27001 standard provides the framework for an effective Information Security Management System (ISMS). It sets out the policies and procedures needed to protect your organisation and covers the risk controls (legal, physical and technical) necessary for robust IT security management.

By becoming certified, companies show a commitment to ensuring that adequate security controls are in place to protect information and data from being accessed, corrupted, lost or stolen.

Through ISO 27001 certification, your company can demonstrate compliance with internationally recognised standards of information security.

Compliance

An Information Security Management System demonstrates your compliance with internationally recognised standards of information security, helping you to fulfil your legal obligations and comply with various regulations.

Confidentiality

It keeps confidential information secure by putting in place detailed security policies and access management, allowing for the secure exchange of information.

Risk Management

The Standard helps you manage and minimise risk exposure, giving customers and stakeholders confidence in how you manage risk.

Customer Satisfaction

It enhances customer satisfaction, which improves client retention.

Culture of Security

Businesses get buy-in from their employees and stakeholders, building a culture of security.

All-round Protection

It protects the company, its assets, shareholders and directors.

Get in Touch!

Find out what we can do for you!