Data Protection Advisory Service: instant access to cost-effective expertise
Finding and retaining a person with the right data protection skills and expertise can be challenging. It may also represent a distraction from core business activities, and there may not be enough work to justify a full-time, permanent position – which also raises the risk that the appointed person will seek more stimulating employment elsewhere.
Building on 30 years of experience in data management and governance solutions for leading financial services organisations, Northdoor’s Data Protection Advisory Service enables organisations to access the expert skills they need rapidly, cost-effectively and through a flexible annual subscription.
The service is tailored to each organisation’s precise needs and provides a comprehensive set of activities to help address compliance with data protection regulations.
Do you need a Data Protection Officer?
The General Data Protection Regulation (GDPR) requires certain types of organisation to appoint a Data Protection Officer (DPO). These are as follows:
1. Public authorities and other public bodies. All central and local government departments, agencies and other public bodies must appoint a DPO (the only exception is courts acting in their judicial capacity).
2. Organisations whose core activities consist of regular and systematic monitoring of individuals on a large scale. Examples include email remarketing and retargeting, behavioural advertising, and location tracking through mobile apps. Note that support functions every organisation performs, such as running its own payroll or providing standard IT support, are ancillary rather than core activities and do not by themselves trigger the requirement.
3. Organisations whose core activities consist of large-scale processing of special categories of personal data (such as ethnic origin, political opinions, religious beliefs, trade union membership, genetic and biometric data, health, and sex life or sexual orientation) or of data relating to criminal convictions and offences.
However, even if your organisation is not required to appoint a DPO, you will still need ongoing expert advice on data protection.
Employ or outsource?
In a job market where many experienced data-protection specialists have already been snapped up by large corporates to work as DPOs, it may be difficult for organisations to tap into the appropriate skills and knowledge. Equally, not all organisations will have enough work to keep a full-time, permanent advisor occupied.
At best, this means that they face overpaying for the services they need, and at worst, that their appointed person may soon get a better offer from an organisation that can provide a more stimulating working environment.
For smaller organisations, investing in in-house capabilities for all functions is generally economically unviable – and a potential distraction from the core business. In such cases, bringing in external advice will help address compliance demands while removing the difficulty, cost and distraction of needing to find, employ and retain a permanent employee.
The Northdoor Data Protection Advisory Service offering
To help organisations rapidly and cost-effectively access the necessary expertise for addressing compliance, Northdoor offers its Data Protection Advisory Service. With this simple annual subscription – tailored to fit your specific requirements – Northdoor assigns an expert to serve as an independent data protection specialist for your organisation.
Within the Data Protection Advisory Service, Northdoor offers a comprehensive range of services, scoped according to client need. As a guide, an entry-level service would typically cover the following activities:
- Process expertise: advising on the privacy-by-design process and the data protection impact assessment (DPIA)
- Representation: serving as the contact point for data protection authorities for all data protection issues, for example, liaising with the Information Commissioner’s Office
- Support: overseeing data breach management and reporting, including the assessment of whether a breach must be notified to the supervisory authority within the 72-hour window and communicated to affected data subjects
- Data privacy expertise: attending and providing updates at quarterly board meetings, and serving as the contact point for staff and data subjects on privacy matters, including subject access requests.
In addition, Northdoor can provide the following services:
- Outlining a compliance programme based on findings from the Northdoor GDPR Rapid Response programme report (which is a prerequisite for the Data Protection Advisory Service)
- Advising generally on data protection and information security matters pertaining to the GDPR and related legislation
- Reviewing and advising on privacy policies, procedures and documentation
- Monitoring the compilation and maintenance of records of personal data processing activities
- Advising on the training of staff involved in data processing operations
- Providing a general overview of data protection regulations to senior staff, backed by deep experience.
Northdoor’s decades of experience in the protection and governance of enterprise data have enabled us to build a comprehensive portfolio of services around regulatory compliance with data protection laws. Our services are modular, highly adaptable and can be applied at all stages of any regulatory compliance programme.
The first step: a Service Assessment
Prior to any formal engagement, including the Data Protection Advisory Service, Northdoor conducts a workshop assessment to determine your existing compliance status, capability maturity and organisation-specific risks. The workshop typically covers the following areas:
An overview of the regulation and its impact
- A background analysis of the EU and UK privacy frameworks
- A comprehensive overview of the GDPR, including key regulatory objectives and points of differentiation from prior legislation
- A detailed overview of the new requirements and how they will impact existing processes
Data protection, privacy risks and penalties
- A comprehensive and granular overview of the fines and penalties for non-compliance
- A facilitated group discussion about privacy risks to your organisation
- The GDPR hierarchy: an overview of how the GDPR is supervised and enforced, including the national supervisory authorities, the courts and the European Data Protection Board (EDPB)
- An analysis of organisational risk under the GDPR and other data protection legislation, including a review of your organisation’s current data protection and privacy processes
Building a response programme
- Insight into the key components of an effective privacy management system: explore appropriate approaches for your organisation
- An overview of assurance mechanisms, certifications, frameworks and tools used by organisations to manage privacy risk
- An industry benchmark review and discussion on the applicability of key components
- An open discussion on high-level management priorities, and short-, mid- and long-term compliance-focused goals
- Assistance in setting measurable objectives and milestones to support overarching goals
- A formalisation of your internal privacy structure, identifying key staff and responsibilities.
Northdoor plc is a leading corporate IT consultancy and solutions organisation with almost 30 years of experience serving clients across multiple industries, from start-ups to large blue-chip firms. Building on our data management and governance experience, Northdoor has developed deep expertise in data protection law through both research and direct engagement with clients.
We have run numerous round tables, authored extensive advisory content on the topic, and have multiple ongoing engagements with clients and prospects around data protection compliance.
Northdoor’s expert services include:
- Executive briefings
- Assessment workshops
- Process and policy development
- Training and ongoing updates to staff
- Plan reviews, compliance audits and reporting
- Stress testing
- Design and provision of technology solutions to underpin compliance, for example, data protection, data discovery, data classification, data masking, and data governance
- IT security assessment and scanning services
- Third-party risk assessments using our proprietary risk assessment platform.
For more information or to speak to one of our experts, contact us