CaPS - Privacy
Yes, it’s true: it isn’t only the GDPR that requires close attention, but also the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations too!
CaPS – Privacy offer a range of services to support you with your journey to compliance with the UK and EU Data Protection laws including the GDPR. We are based in the South East of England but we’re able to support organisations nationally. Our services are scalable to accommodate the size and complexity of your business. These services include:
Data Inventory, Record of Processing and Data Mapping
A data inventory, or personal information audit, is fundamental to understanding what data you hold, how you obtain it and your lawful purpose for obtaining it. In addition, this process will help you adhere to the key principles of data minimisation, purpose limitation, storage limitation, and accuracy. It will form the basis of your record of processing activity, something almost all organisations require.
Virtual Data Protection Officer (DPO)
The GDPR provides for the appointment of a Data Protection Officer (DPO) to support and monitor compliance. Some organisations, such as Public Authorities, must appoint a DPO by law; others can choose to do so, which is recognised as good practice. However, you do not have to employ someone full time; you can access DPO support through our Virtual DPO service. Our support packages can be scaled to provide the appropriate level of support to your organisation, giving you a cost-effective alternative to establishing a salaried position.
We understand that it is really difficult to know where to begin, especially when the day job is busy! Our Data Protection/GDPR Gap Analysis report allows for an objective review of what policies, procedures, working practices and technical measures are already in place and where you need to fill any ‘gaps’. With this benchmark report, you can commence a programme of improvement and measure your progress!
Data Protection Impact Assessments (DPIA)
Under the GDPR, if you implement a new data process, such as marketing which you hadn’t carried out before, or collect data for a new purpose, you will be obliged to conduct a DPIA. This is a risk assessment process designed to identify the risk of your process breaching the data subject’s information and the impact that would have on the individual. From that assessment, you can put into place more granular risk mitigation measures to avoid the risk as far as possible. Our GDPR consultants can develop these DPIAs with you and your stakeholders.