Our Privacy as a Service offering will help your business develop a data privacy strategy and steer it through the complex array of different data protection regulations that might affect the organisation.
Virtual Chief Privacy Officer (vCPO)
A CPO directs a company’s data privacy strategy, helping to steer the business through the complex array of different data protection regulations that might affect the organisation concerned.
As your vCPO we will help your business to look for ways in which privacy can add value to the business, using it in a positive way to help gain a competitive advantage. The vCPO’s duties typically include:
Virtual Data Protection Officer (vDPO)
We will register and act as the vDPO for the business by performing the roles and responsibilities assigned to us under Article 39 of the GDPR, e.g.:
Virtual Privacy Officer (vPO)
Providing support to the vCPO and/or vDPO on all privacy-related issues, including helping to run and manage the privacy compliance project/plan for the business.
Virtual Cyber Security & Privacy Lawyer (vCSPL)
Providing independent legal advice and support to the client and/or the vCPO and/or vDPO, so the client doesn’t need to consult with (costly) external lawyers.
The benefit of engaging a vCSPL is that there won’t be any need to sign separate engagement letters with external lawyers or to keep briefing new lawyers, as the vCSPL will have access to the client and direct lines of contact with the vCPO and/or vDPO (with a system of Chinese walls being implemented internally to avoid any conflicts).
Privacy as a Service (PaaS)
It’s also possible to subscribe to a mixture of the above services under the Privacy as a Service heading – please speak to a consultant for more information on this offering and we’d be more than happy to prepare a bespoke service offering and quote for you.
EU Representative Services
Under this annual subscription service, we will serve as your EU representative under Article 27 of the EU GDPR via our network of carefully selected associates. As your EU Rep, we will:
Cyber Essentials and IASME Governance Standards Assessments – which includes an assessment of ‘GDPR Readiness’
The GDPR provides for two processes under which organisations can demonstrate that their processing of personal data is compliant with data protection laws (thereby satisfying the accountability requirement under the GDPR). These are:
Until recently, organisations have been unable to rely on the above processes because the administrative framework for gaining the requisite approval from the UK Information Commissioner (ICO) of a proposed code or scheme wasn’t ready.
However, since 27 February 2020, it’s been possible for UK organisations to submit their proposals for a GDPR code of conduct or certification scheme criteria to the ICO for approval. This process is both time-consuming and expensive, so the next best thing is to focus on demonstrating compliance with other recognised data protection / cyber security standards, e.g. the UK’s Cyber Essentials and IASME Governance Standards (which include an assessment of GDPR requirements). These are an affordable and achievable alternative to trying to evidence compliance with other international standards, e.g. ISO/IEC 27001.
We can help your organisation with the IASME Governance Self-Assessment, which assesses your compliance with the Cyber Essentials scheme and your GDPR readiness. Once we’ve completed the assessment, your organisation should receive a certificate confirming your Cyber Essentials certification, and your business would also be able to use the IASME ‘Governance with GDPR logo’ to demonstrate to your customers and employees that you take the protection of their valuable personal data seriously.
We can also help you to obtain any other relevant industry-specific certifications, e.g. Cyber Essentials Plus, ISO/IEC 27001, BS 10012, etc.