what we offer.
business strategy audit and processes.
The foundation of data compliance is understanding your business, the data which is processed, and the benefit it may have for your products and services. We work with clients to help them map the personal data held, understand why it is needed and for what purpose, as well as identify data transfers, data flows, and data sharing/processing relationships.
This includes embedding data compliance and privacy by design within related business contracts, strategy, and decision-making, as well as end-to-end advice and support for large-scale projects including data audits, IT migration, product launches, technology development, and data sharing/transfers.
compliance documentation.
Whether driven by regulatory requirements to provide privacy information, ensure contracts are drafted correctly, establish compliant data transfer mechanisms, or generally demonstrate accountability under the UK GDPR, a business will always need to start with its policies, procedures, and contracts.
However, and more than this, these documents provide clarity so that personnel understands how they may treat data and innovate using it, whilst providing for robust and documented data sharing and processing which underpin product development, service delivery as well as R&D.
We support clients with:
- Creation and review of related policies, including privacy information, data protection and retention, Infosec, BYOD, and mobile/home working;
- Personal data-focused contract drafting, including data-sharing agreements, data licensing arrangements, data processing addendums, and SCCs.
- Cookies guidance, Policy drafting, and advice.
engaging with the people whose data you hold (data subjects).
No matter your business sector, your business activities will always involve the processing of personal data of “data subjects”, whether this is your employees, end consumers, contacts at suppliers, or subscribers to your marketing lists. Whilst this is to be expected, it is also to be expected that engaging and communicating with these individuals requires due consideration and attention.
Whether you are looking to implement a new marketing strategy or buy a database, seeking to make a change in your employment structure, understand your consumer behaviour, or respond to an access request, it is important to understand the requirements so your business can make the most of its valuable relationships. Our team will guide you through these interactions, including:
- Responding to rights requests and DSARS
- Implementing a new, compliant marketing strategy
- Managing employee complaints claims and restructures
- Leveraging third-party database suppliers
- Analysing and communicating with your consumer base
ICO engagement and enforcement.
In the event that regulatory oversight has become required or otherwise enforced, for example in the event of a data breach, managing a complaint, or other enforcement activity, we will support you through engagement with the ICO. We find that by engaging fully with regulatory processes, having clear processes and policies in place, and taking prompt remedial action, the ICO seeks to work with businesses in most instances.
We also believe there is a real benefit in looking to include the ICO in new product ideas and innovations involving personal data processing in a new or unusual way, to ensure that delays and u-turns are avoided further down the line, whilst allowing a business to focus on deriving the value from the effort put in. Whatever the reason for engaging with the ICO, we will support you through the process.
how it works.
It starts with a conversation to understand your current needs or concerns in relation to data compliance, as well as gathering information on the wider context of how your business operates and the data it processes. From there will agree with you on a scope of recommended actions and priority so that resources can be allocated sensibly and proportionately. It may be that a full audit is relevant, or just an update of an existing policy, but in any event, we always agree on a clear and transparent scope with you. We can offer fixed fees, retainer, and T&M-based services.