CaPS offer a range of services to support you with your journey to GDPR compliance, for clients in Surrey, West Sussex, Kent & London. We have a range of services which are scalable to accommodate the size and complexity of your business. These include:
GDPR Data Inventory and Data Map
A data inventory, or personal information audit, is fundamental to understanding what data you hold, how you obtain it and your lawful purpose for obtaining it. In addition, this process will help you adhere to the key principles of data minimisation, purpose limitation, storage limitation, and accuracy. It will form the basis of your required record of processing.
Virtual Data Protection Officer (DPO)
The regulations provide for the involvement of a Data Protection Officer (DPO) in achieving compliance as well as maintaining that hard-earned position. Some organisations, such as Public Authorities, will need to appoint a DPO by law; others can choose to do so, as it is recognised as good practice. However, you do not have to employ someone full time: you can access DPO support through our Virtual DPO service. Our support packages can be scaled to provide the appropriate level of support to your organisation, giving you a cost-effective alternative to establishing a salaried position.
GDPR Gap Analysis
It’s really difficult to know where to begin, especially when the day job is busy! Our Gap Analysis report allows for an objective review of what policies, practices and working practices are already in place. We build on the data inventory to determine a full picture of your data processing operations, as well as identifying your commercial relationships and third-party suppliers. This way we understand whether you are a Data Controller, Processor or both! The resultant report is a comprehensive view of data processing along with the ‘gaps’ identified and recommendations to get your business on the road to compliance!
Data Protection Impact Assessments (DPIA)
Under the GDPR, if you implement a new data process, such as marketing which you hadn’t done before, or collect data for a new purpose, you will be obliged by law to conduct a DPIA. This is a risk assessment process designed to identify the risk of your process breaching the data subject’s information and the impact that would have on the individual. From that assessment, you can put into place more granular risk mitigation measures to avoid the risk as far as possible. If you currently process sensitive or high-risk data, it is good practice to undertake a DPIA as part of your overall compliance programme of work. Our GDPR consultants can develop these DPIAs with you and your stakeholders.