FP Consulting can help you comply with your obligations under Data Protection Legislation.

GDPR Consultancy

Assessment and Audit

The Review would highlight areas where your business may be exposed in relation to the new GDPR requirements and raise awareness and knowledge on the subject.

The Review would take the form of:-

In terms of our visit to your business, see below some guidance on the type of information that we will be looking for on the day. Hopefully this will give you some guidance on who might need to be available at some point during the visit.

  1. An onsite visit to meet with Management to review Data Protection Policies and Procedures and to agree the Audit process.

  2. Onsite Audit. This would comprise interviews with staff from the different sections of your business. It would also include a review of your premises to observe data handling practice.

    • How the information is stored and who has access to it.
    • Has the information been collected fairly?
    • What is the purpose for which the personal information is collected?
    • Are there defined rules about use and disclosure of information?
    • What are the Security arrangements in place for data?
    • Is the information collected sufficient for our purpose/is the information held excessive?
    • Is all information accurate and up to date? What is the system for checking this?
    • How long is information held for?
    • What is the procedure for handling access requests?
    • Do you need to share data with third parties?
    • Do you need to be registered with the Data Protection Commissioner?
    • Are staff trained regarding data protection?
    • Has a data protection co-ordinator and compliance person been appointed?

  3. Offsite review of your existing Data Protection documents to include:
    • Data Protection Policies
    • Codes of Practice
    • Privacy Statements
    • Access Controls
    • Incident Logs
    • Subject Access Request Logs
    • Report Logs
    • Training Material

  4. Following this we will issue a Report outlining the findings from the Audit in relation to relevant headings under GDPR, identify key considerations for your business and recommend measures to address any shortfalls.

We will also provide a Gap Analysis identifying the areas you will need to address to make your Business GDPR Compliant.

Our Data Protection Audit process is adapted from the Audit Guidance issued by the Office of the Data Protection Commission.

Policies and Procedures

We can work with you to develop and document your Data Protection Policies and Procedures, or review existing ones to ensure consistency with the requirements of the GDPR. Areas covered include:-

  • Data Protection Policy.
  • Data Protection Incident handling Procedure and Log.
  • Data Subject Access Request handling Procedure and Log.
  • Privacy Impact Assessment template.
  • Procedure for engaging Data Processors template.
  • Personal Data Retention and Destruction Policy, including Retention Periods.
  • Procedures and Standards for securing Personal Data.

Data Protection Impact Assessment

A Data Protection Impact Assessment (DPIA) is a structured method for identifying the privacy risks associated with your Projects and the means by which you can deal with them.

In some situations conducting a DPIA will be a mandatory requirement of the GDPR.

The DPIA is central to a “Privacy by Design” based approach to systems development. We can work with you to conduct DPIAs and integrate their outcomes into your projects.

Data Breach Management

The consequences for your Business of a significant Data Breach can be serious. This goes beyond the potential enforcement action from the Office of the Data Protection Commission. There will be possible implications for your Business reputation and these can be made worse if incidents are not promptly and professionally dealt with.

FP Consulting Ltd can help and guide you in your initial response to data breaches and conduct an independent Investigation on your behalf, to identify the causes and ensure there is no recurrence of the problem.

All Data Breaches must be reported unless they are unlikely to create a risk to the persons whose data has been compromised.

Data Protection Officer

FP Consulting Ltd can work with you to implement your Policies and Procedures, either on a Fixed Term basis or you can outsource your Data Protection Officer (DPO) Role to us entirely.

Many organisations, including all Public Bodies and Authorities, are obliged by the GDPR to appoint a DPO.