Data protection services
Processing of an individual’s personal data, by a data controller or data processor, is a critical business requirement that is enforceable by relevant legislation such as the UK Data Protection Act 2018 and EU General Data Protection Regulation (GDPR).
Organisations of all sizes, across all industry sectors and geographical locations, must carefully consider how to process and protect personal data in line with relevant legislation, notably EU General Data Protection Regulation (GDPR); UK Data Protection Act 2018 (DPA) as well as UK Privacy and Electronic Communications Regulations 2003 (PECR) derived from the EU’s ‘e-privacy directive’. Every organisation is accountable for processing personal data appropriately and protecting it from loss, theft or misuse. Personal data is more effectively processed through the implementation, and ongoing maintenance, of a robust framework covering, amongst other things: –
- Documented Policies and Procedures;
- System Security;
- Training and Awareness;
- Data Governance, Reporting and Oversight;
- Data Quality;
- Records Management;
- Data Mapping;
- Data Processing Agreements;
- Data Subject Access Requests;
- Data Protection by Design;
- Data Protection Impact Assessments;
- Marketing; and
- Breach Escalation and Response.
Additionally, consideration needs to be given to the interoperability between data protection, information security, business continuity and third party management.
As part of the accountability principle, organisations need to be able to evidence that they have appropriate technical and organisational measures in place to safeguard an individual’s personal data and that they understand their end to end data protection footprint at all times.
Organisations must consider protecting personal data at inception and thereafter throughout its entire lifecycle, as part of a privacy by design approach. When a type of processing results in a high risk to individuals, then a Data Protection Impact Assessment (DPIA) should be considered.
The consequences of not taking data protection seriously can be severe, not only are organisations subject to heavier financial penalties, a potential loss of customers or clients and an increase in operational outages but the reputation damage from a data breach may cause irreparable damage, from which an organisation is unable to recover.
Our data protection services are wide-ranging and can be tailored to our clients’ needs. So whether that is data mapping; a gap analysis; implementation of a framework; reviewing an existing framework or providing a virtual Data Protection Officer (vDPO), we can help our clients reach and maintain a ‘defensible position’.
Why choose Xcina Consulting
|We are recognised experts in data protection |
We engage with clients, of all complexities and sizes, across all industry sectors and geographies, supporting their data protection needs. Our consultants have data protection knowledge and expertise that pre-dates GDPR and UK DPA 2018.
|We help organisations achieve and maintain a defensible position |
We help our clients to implement and maintain a robust data protection framework with effective controls as part of ensuring a defensible position. This not only covers existing requirements but changing and new requirements.
|We provide a virtual DPO service |
The vDPO service is typically adopted by organisations who do not have a specialist data protection resource (or resources) internally; who want additional headcount to augment their existing data protection team; where a full-time role is not a viable cost option or where it wishes the role to be politically neutral or not easily influenced and therefore chooses to outsource the role.
Data Protection sub-services
- Data Mapping
- Gap Analysis
- Policy and Procedure Writing
- Framework Implementation
- Framework Review or Audit
- Virtual Data Protection Officer (vDPO)
- Data Protection Training and Awareness
- Data Analytics and Forensics
Benefits to you
Minimising Negative Impact
Increased Customer / Client Confidence