Data Protection Accountability

Highly qualified and motivated data protection professionals

Much of data protection law is about risk assessment, identification and mitigation. Data Compliant helps you meet the Accountability requirements of GDPR, DPA and proposed DUA. These include leadership and oversight; policies and procedures; training and awareness; meeting individuals' rights; ensuring transparency around your processing; the requirement to keep and maintain records of processing activities (data mapping); ensuring you have appropriate contracts and data sharing agreements; conducting Data Protection Impact Assessments; managing your records and security; and how you respond to and manage any data breaches.

Data Compliant's Accountability Services

Data Compliant helps clients work to meet the law's accountability requirements, in a way that is simple, concise, and tailored to the size, scale and scope of your business.  The first step is to determine in which areas of Accountability you need us to help. These are generally driven by you, or identified by Data Compliant during a healthcheck or audit.  Accountability in data protection can cover a wealth of different topics (see below) across a number of areas - including Artificial Intelligence, data sharing, and records management.

RoPA (Records of Processing Activity - Data Mapping)

We help clients understand what data mapping is, why it matters, and how it helps you with your everyday working practices. We work with the relevant people in your teams to help put formal data mapping flows in place, from source to processing to retention schedules. Then we work with you to set a process by which the RoPA can be actively maintained.

Data Protection Impact Assessments (DPIAs)

We help you understand what a DPIA is, what its benefits are, how to establish when or whether you actually need to conduct a DPIA, what information should be included within it, who should be consulted, and how to assess the risks associated with the processing. We then work with you to provide insights into how you might mitigate those risks.

Data Breach Management - Response and Evaluation

We help you identify what a data breach is, and evaluate its severity. We help you determine whether it is reportable, and if so, to whom. We help you do so in as simple and positive a manner as is possible. We also help you develop your policy and processes for doing so, and devise strategies for you to contact data subjects through appropriate channels.

Data Governance Oversight and Leadership

We work with our clients to ensure that you have in place a data governance framework and supporting processes to help you embed data protection throughout the whole organisation. As part of this task we consider how you might want to incorporate data protection operational roles and oversight groups into your governance structure. As part of this process, we help you assess whether or not you are obliged to (or might choose to) appoint a Data Protection Officer (DPO). 

Supplier and Client Due Diligence

As data controller, you remain responsible for the suppliers and vendors you choose to appoint as your data processors.  As data processor you need to satisfy yourselves that your clients are operating within the data protection legislation.  We help you understand the appropriate levels of due diligence checks / compliance reviews you need to undertake to protect yourselves by checking that your chosen providers - or even your clients - are meeting data protection legal requirements.  

Contracts and Data Processing Agreements

Whether you are a data controller or data processor, you need contracts in place when you are sharing or receiving data from other parties. We help you meet your needs around controller to processor and / or controller to controller data sharing / data processor agreements. We provide information and advice around restricted transfers, including the use of Standard Contractual Clauses and other transfer mechanisms. We assist you in completing Transfer Impact Assessments as needed. We will also advise on the information you require in your data sharing policies and supporting procedures.

Artificial Intelligence

We help you meet your compliance and security accountability requirements around developing and using AI systems, including automated decision making, within your business. We consider the privacy management framework that supports your use of AI, your development and oversight of the AI system, and how you are using the tools. We help you understand the essential role played by DPIAs to help you document system specifications, testing and the risks and mitigations put in place. Risk-based audits help you assess AI systems' compliance, both with the law and your own internal policies.

Data Sharing

Sharing personal data compliantly between - or even within - companies can be fraught with difficulty.  We help you navigate your accountability requirements, especially around transparency, legal basis, purpose definition, data sharing agreements and so on. Whether you share data on a controller to controller basis or controller to processor basis, we help you identify the data privacy accountability requirements; create policies; and educate staff. We work with you to help determine the purpose and procedures around the operational aspect of the data sharing; and assess the transfer mechanisms required for global transfers.

Records Management

Good records management is essential in supporting excellent data governance and data protection. From data collection to records creation, access to movement and retrieval, and maintenance to disposal and deletion, Data Compliant works with clients to achieve efficient, organised and secure records management. We help you assign strategic responsibility and oversight, develop and implement operational processes, and develop accessible and standardised policies, and we help you train your workers to understand and follow them. We also help you assign appropriate security classification to your records and personal information.
