Audit - is your company UK GDPR compliant?
UK GDPR documentation
Preparation of full required UK GDPR documentation
"UK GDPR for Business" + "Cyber Security - Introduction" online courses
Is this service right for me?
I have been running a company for some time, I have never dealt with the protection of personal data, but I just received a letter from the ICO informing me that I have some responsibilities in this area.
I'm starting a new business and I want to take all necessary steps to make sure that my actions are consistent with the law's requirements in every area.
Complex UK GDPR
COMPLEX UK GDPR =
AUDIT + UK GDPR DOCUMENTATION + TRAINING
This service is suitable for:
When preparing an audit of your company, we will ask you for information about the personal data that you collect from individuals, including clients and/or employees, as part of your business – the audit questionnaire is a form with questions that you will receive from us by email.
Next, we will examine the database of personal data in your company to verify who has access to it, when, and for what reason.
We will establish the legal basis that justifies your possession of the personal data you process, as well as its category, the purpose for which you may use it, and the time frame during which you have the right to disclose it.
Next, we will determine if you are the only controller or if you’re also in charge of processing personal data as a processor, as well as what responsibilities from this role are applicable to you.
If your business has UK GDPR documentation already, we will review it to determine whether it complies with the law and how it is currently operating.
We will describe all this for you in the “Post-Audit Report”, which will also contain a list of UK GDPR documents necessary and recommended for your company.
We will prepare the necessary UK GDPR documentation for your company: both the documents that must be disclosed to website users and those that regulate the company’s internal rules and are subject to the control of the unit supervising the application of personal data protection law (the ICO in the UK).
As the provisions of the UK GDPR do not contain ready-made forms or templates, but only the rules to be followed by the personal data controller, it is difficult to predict in advance which documents will be necessary and which ones are additionally recommended specifically for your company.
However, you can be sure that we prepare the documentation with the greatest care and with the intention that having it will protect your company in the event of inspections and claims for damages.
Documentation – mandatory for all entities:
– PRIVACY NOTICE – a document describing how the company protects the personal data of customers/suppliers/external persons, for publication on the website/at the company’s headquarters,
– DATA RETENTION POLICY,
– DATA BREACH NOTIFICATION PROCEDURE,
– RECORD OF PROCESSING ACTIVITIES (ROPA),
– DATA BREACH RECORDS.
Depending on the company’s organisational structure, examples of supplementary documentation include:
1. RISK ANALYSIS (DATA PROTECTION IMPACT ASSESSMENT – DPIA) – you need to conduct a DPIA if what you do with personal data is likely to cause a high risk to the rights and freedoms of individuals, especially in the case of new technologies.
2. STAFF DATA POLICY, AUTHORISATION TO PROCESS PERSONAL DATA, RECORDS FOR AUTHORISATION
3. REGISTER OF REQUESTS OF PERSONAL DATA SUBJECTS (RECORDS OF DSAR)
4. AGREEMENT ON THE PROCESSING ON BEHALF OF A CONTROLLER
5. DATA SECURITY POLICY – may contain provisions regarding: SOCIAL MEDIA POLICY, PASSWORD POLICY, ELECTRONIC MESSAGING POLICY
6. COOKIES POLICY – if you have a website
7. BRING YOUR OWN DEVICE TO WORK POLICY (BYOD)
8. TEMPLATE OF CONSENT TO USE OF IMAGE (MEDIA CONSENT)
9. SENSITIVE DATA PROCESSING POLICY
10. CCTV POLICY
To protect personal data, you and your employees need to understand the principles of this protection and also have basic knowledge in the field of cyber security.
Two online courses developed by us in this field will be available to you and your company’s employees:
- UK GDPR for Business
- Introduction to Cyber Security
A medium or large business is: any business, regardless of the type of business, the number of employees and the type of personal data processed on a daily basis.
A small business is: a company that does not process sensitive data and has no more than 3 employees.
Make an appointment for a free consultation
Go to the calendar, which will show you available dates.
Choose a day and time that suits you.
1 hour before the selected date of the online meeting, we will send you an email with a link to the meeting room.
See you soon
Free online meeting