Data Protection & GDPR

Ensuring your data is fully protected against unauthorised access, loss or destruction, and is compliant with GDPR and all other data protection regulation

Protecting your data

Data Protection is about more than just making your data compliant. No matter where your data is located, or how it is stored, or what type of data it is, it needs to be protected against unauthorised access, loss and destruction.

AiM's data protection services help you to understand your vulnerabilities, and address them. Data can then be indexed and classified to ensure it is fully compliant with all data protection regulation including the GDPR.

Data Protection

Support and guidance for organisations at any and all stages of the data protection lifecycle

We apply a four stage approach to deliver fully protected, secure and compliant data.

Phase 1 “Discover”

This involves a Data Protection Officer (DPO) focused readiness review to discover all current aspects of the personal data (PD) model, Personal Information Management Systems (PIMS), data flow lifecycle, management and protection of data, and to identify any gaps in compliance with the clauses of the Regulation. Key outputs are data inventory and data map.

Phase 2 “Execute”

This involves executing the actions and IT system technology required for gap closure, ensuring sustainable and continuous compliance and management of the data lifecycle. May comprise relevant policies, processes, standards, data protection impact assessments, data incident management, SARs, regulatory roles/responsibilities (eg DPOs) and training.

Phase 3 “Comply”

This involves embedding all aspects of data protection through “data protection by design and default” governance and full application of the compliance model.

Phase 4 “Act”

This involves organisational checks to ensure PD data management and breach protection is working effectively and to take action where it is not. Also to review and implement changes to the compliance model arising from revised guidance or changes to EU GDPR. Finally to monitor and act upon new technology/trends that may impact PD and wider data protection.

Our GDPR Services

Get compliant, stay compliant

Phases 1 and 2 of the roadmap will deliver an EU GDPR compliant model to your organisation. Phases 3 and 4 will ensure it embeds and works effectively in live operation.

Discovery Reviews

To understand scope of GDPR compliance implementation, and after implementation to check that GDPR compliance continues to work correctly.

By carrying out a Discovery Review for your organisation, we can help you to understand the scope of GDPR compliance implementation, and after implementation to check that GDPR compliance continues to work correctly.

Via questionnaires, interviews and site visits, AiM will review all aspects of your compliance with GDPR. Dependent on the duration and scope of the review, AiM will deliver:

  • A data inventory detailing the documents and repositories where personal data is maintained;
  • Data maps showing the flow of data through your organisation, highlighting hotspots which may require enhanced security or process changes;
  • An assessment of your information security status;
  • An assessment of your policies and procedures;
  • A review of your business-as-usual practices highlighting risk areas;
  • Recommendations for the appointment of a data protection officer; and
  • Recommendations for the changes required to move towards GDPR compliance.

The resulting recommendations can be used as the basis for the appointment of a data protection officer, and to guide the transition towards GDPR compliance.

To find out more email us here.

To find out more about our GDPR training, click here.

Qualified Compliance Lawyers

With expert knowledge of the GDPR regulations and wider corporate governance demands.

AiM partners with qualified lawyers who are fully IAPP accredited privacy professionals with specialist knowledge of the GDPR and a clear understanding of how clients can build on their existing systems and processes for data protection in preparation for the GDPR.

In conjunction with AiM our legal team works with our client’s existing teams and specialists such as HR, IT and Data Security, or external experts to guide you along your ongoing compliance journey.

Contact us to find out how our GDPR lawyers can help your organisation.

Click here to find out about AiM’s GDPR training courses.

IT Solutions

IT solutions to locate, identify, classify and protect all data – personal and non-personal – to implement and maintain data inventories and data maps, and to ensure all other requirements of GDPR compliance operate and are tracked effectively.

Interim Data Protection Officers

Our DPOs can provide a cost-effective solution for organisations not wishing or unable to appoint full time roles.

AiM provides interim Data Protection Officers for GDPR. This is a cost-effective solution for those organisations for which a full-time and permanent DPO is not appropriate.

Article 37 of the GDPR states that the controller and the processor shall designate a data protection officer in any case where:

  1. the processing is carried out by a public authority or body;
  2. the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or
  3. the core activities of the controller or the processor consist of processing on a large scale of special categories of data and personal data relating to criminal convictions and offences.

In addition, the article also states that the Data Protection Officer (DPO) shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks required.

However, the GDPR does allow for a single DPO covering a number of jurisdictions, as long as they are easily accessible from each establishment, or a single DPO can cover multiple bodies. Also, the DPO may be outsourced, or may be a member of the data controller's or processor's team, as long as there is no conflict of interest.

This allows a company to fill its DPO role in the most expedient way, and provides an opportunity to use an outsourced or interim DPO. The interim role holder will have wide experience of setting up the mechanisms which will be used within the company on an ongoing basis. The position may initially require significant input, but as the structures are put in place, input will be reduced, and a permanent role holder can take over the responsibilities.

Key responsibilities include:

  • Compilation of data inventories and maps;
  • Determination of the legal bases for processing data;
  • Recommendations for data minimisation;
  • Recommendations for actions required to fulfil data subjects' rights;
  • Risk assessments;
  • Data protection impact assessments;
  • Recommendations regarding changes to policies, processes and privacy notices; and
  • Recommendations regarding information security.

Contact us to find out if an interim DPO is right for your organisation.

Find out more about AiM’s GDPR training courses here.

Training

For managers implementing GDPR compliance, for new data protection officers, and for employees required to understand their role in the new regulations.

GDPR Training at all levels – Practical Application Not Impractical Information

With the new General Data Protection Regulation (GDPR) having come into force on 25th May 2018, now is the time to ensure your management team and employees are fully aware of their responsibilities and the actions to be taken.

AiM offers a range of GDPR training courses and awareness sessions for senior managers, new data protection officers and employees required to understand and comply with the new regulations. We focus on the practical application of GDPR in your business, tailoring the material to your needs.

AiM GDPR training courses:

Senior management training

A one-day classroom training course covering all elements of GDPR, with a particular focus on business risk, delivered via interactive sessions. It covers your responsibilities regarding client and employee data and the actions to take to address the regulatory requirements. Attendees will leave the course with a good comprehension of the GDPR, knowing the right questions to ask of the business and the next steps to take, together with a plan for your business to assess and meet compliance.

Data Protection Officer training

A one-day classroom session giving an introduction to the regulation for new Data Protection Officers, to meet Article 37 of the GDPR which states that ‘The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices…’. Attendees will leave the course with a clear understanding of the regulation and a plan for your business to assess and meet compliance.

Employee awareness sessions

These training sessions are held in 3 different formats:

  • An At-the-Desk one hour briefing session delivered via e-learning to your employees, providing an excellent overview of the key points of the new regulation, your employees’ obligations and their own rights under GDPR.
  • An At-the-Desk GDPR awareness webinar, delivered by our CIPP(E) qualified GDPR consultants in individual or group sessions (1-100 users), which includes a Q&A session for your employees.
  • A one-day instructor-led GDPR training session, either at your premises or one of our training venues, specifically tailored to your business and industry.

Bespoke training sessions

We can tailor GDPR training to the specific needs of your industry, business and employees, in classroom training or workshops either at your own offices or at one of our training venues, and in webinar formats.

Our tutors have hands on experience of GDPR assessments and are CIPP(E) accredited, giving you the security of knowing that you will understand how the GDPR relates to your business, rather than what it means in isolation, and act accordingly.

For more information about our GDPR training courses, click here.

In tandem with data compliance, dataBelt®'s data protection module can provide a comprehensive data protection/GDPR compliance response and fully support the activities of the enterprise's DPO and associated Privacy Office.

  • Open and manage all requests, enquiries and investigations in Case Manager
  • Classify and index all your data, identifying any personal data
  • Raise, process and monitor DSARs and FOIs
  • Search any data asset of any size or type, anywhere, and locate any data in any structured or unstructured format
  • Report and liaise with originator and all relevant authorities

Contact us