Our Service

European Union sign

AUDIT

Audit - does your company is UK GDPR compliance

European Union sign

UK GDPR documentation

Preparation of full required UK GDPR documentation

European Union sign

TRAINING

"UK GDPR for Business" +  "Cyber Security - Introduction" online courses

Is this service right for me?

Customer 1

I have been running a company for some time, I have never dealt with the protection of personal data, but I just received a letter from the ICO informing me that I have some responsibilities in this area.

Customer 2

I'm starting a new business and I want to take all necessary steps to make sure that my actions are consistent with the law's requirements in every area.
SERVICE choosing
Complex UK GDPR

COMPLEX UK GDPR =
AUDIT + UK GDPR DOCUMENTATION + TRAINING

This service is suitable for:

  • new companies
  • already existing businesses that have not yet implemented procedures for the protection of personal data

Audit

When preparing an audit of your company, we will ask you for information of personal data that you collect from individuals, including clients and / or employees, as part of your business – the audit questionnaire is a form with questions that you will receive from us by email.

Next, we will examine the database of personal data in your company to verify who has access to them, when, and for what reason.

We will establish the legal basis that justify your possession of the personal data you process, as well as its category, the purpose for which you may use it, and the time frame during which you have the right to disclose it.

Next, we will determine if you are the only controller or if you’re also in charge of processing personal data as a processor, as well as what responsibilities from this role are applicable to you.

If your business has UK GDPR documentation already, we will review it to determine whether it complies with the law and how it is currently operating.

We will describe all this for you in the “Post-Audit Report”, which will also contain a list of UK GDPR documents necessary and recommended for your company.

Documentation

We will prepare the necessary UK GDPR documentation for your company, both the one that is necessary to disclose to website users and the one that regulates the company’s internal rules and is subject to the control of the unit supervising the application of personal data protection law (ICO in the UK).

As the provisions of the UK GDPR do not contain ready-made forms or templates, but only the rules to be followed by the personal data controller, it is difficult to predict in advance which documents will be necessary and which ones are additionally recommended specifically for your company.

However, you can be sure that we prepare the documentation with the greatest care and with the intention that having it will protect your company in the event of inspections and claims for damages.

Documentation – mandatory for all entities:

PRIVACY POLICY – a general internal document of the company containing a complete description of data protection in the company,

PRIVACY NOTICE – a document describing how the company protects the personal data of customers/suppliers/external persons, for publication on the website/at the company’s headquarters,

DATA RETENTION POLICY

DATA BREACH NOTIFICATION PROCEDURE

RECORD OF PROCESSING ACTIVITIES (ROPA),

DATA BREACH RECORDS.

 

Depending on the company’s organisational structure, an example of supplementary paperwork would be:

1. RISK ANALYSIS (DATA PROTECTION IMPACT ASSESSMENT – DPIA) – you need to conduct a DPIA if what you do with personal data is likely to cause a high risk to the rights and freedoms of individuals, especially in the case of new technologies.

2. STAFF DATA POLICY, AUTHORISATION TO PROCESS PERSONAL DATA, RECORDS FOR AUTHORISATION

3. REGISTER OF REQUESTS OF PERSONAL DATA SUBJECTS (RECORDS OF DSAR)

4. AGREEMENT ON THE PROCESSING ON BEHALF OF A CONTROLLER

5. DATA SECURITY POLICY – may contain provisions regarding: SOCIAL MEDIA POLICY, PASSWORD POLICY, ELECTRONIC MESSAGING POLICY

6. COOKIES POLICY  – if you have a website

7. BRING YOUR OWN DEVICE TO WORK POLICY (BOYD)

8. TEMPLATE OF CONSENT TO USE OF IMAGE (MEDIA CONSENT)

9. SENSITIVE DATA PROCESSING POLICY

10. CCTV POLICY

Training

To protect personal data, you and your employees need to understand the principles of this protection, and also basic knowledge in the field of cyber security.

Two online courses developed by us in this field will be available for you and your company’s employees – online:

  • UK GDPR for Business
  • Introduction to Cyber Security

Result

  • You can be sure that your company's documentation is complete
  • After changes in your company, the new document has been implemented in accordance with the legal requirement
Audyt, dokumentacja i trening
PACKAGE A

£ 2100

AudIt+Training+
Dokcumentation

Medium/Large business

Medium and large business is: any business, regardless of the type of business, the number of employees and the type of personal data processed on a daily basis.

PACKAGE B

£ 799

AudIt+Training+
Dokcumentation

small business

Small Business is: a company that does not process sensitive data and has no more than 3 employees.

Make an appointment for a free consultation

Go to the calendar, which will show you available dates.

Choose a day and time that suits you.

1 hour before the selected date of the online meeting - we will send you an email - a link to the meeting room.

See you soon

Free online meeting

We will help you implement personal data protection in your company

Contact
Scroll to Top
Cookie Consent with Real Cookie Banner