Data Protection / GDPR Services
The General Data Protection Regulation (GDPR) came into force on May 25th 2018. Any organisation that stores or processes personal information within EU states must comply with the GDPR, even if they do not have a business presence within the EU. All entities, small or large must comply. This means small organisations such as local sports / social clubs have the same obligations under GDPR as large multi nationals.
Innovate works closely with our partner, XpertDPO Ltd. to provide tailored solutions to your data protection and GDPR compliance requirements.
The service offerings are offered to complement the IT security solutions within the suite of products and services offered by Innovate.
Outsourced Data Protection Officer-as-a-Service
We guide organisations, based within or outside of Europe, to determine if they are required by law to appoint a Data Protection Officer. Importantly, this obligation extends to both data controllers and data processors, and it will be an offence not to appoint a DPO where one is required. If you opt to outsource your DPO role, XpertDPO offer an outsourced DPO-as-a-service package on a fixed price quarterly subscription fee. In addition to a dedicated account manager you can rely on our expertise to inform and advise your organisation and its employees on the requirements of the GDPR, monitor your organisation’s compliance with the GDPR, advise on data protection impact assessments (which become mandatory under the GDPR for certain activities), cooperate with your relevant data protection authority, and act as the designated point of contact for the supervisory authority.
GDPR Compliance Gap Analysis
Most organisations have heard of GDPR but are unsure of where to start. We can work with your organisation to formulate a compliance roadmap, broken down into achievable steps. The first step in your compliance journey is a gap analysis to analyse your current state of compliance. We will conduct an audit of your current policies and procedures to see how match fit your organisation is.
Data Protection Impact Assessments
Data Protection Impact Assessments (DPIAs) can be used to identify and mitigate against any data protection related risks arising from a new project, which may affect your organisation or the individuals it engages with. Under the GDPR, a DPIA is mandatory where data processing “is likely to result in a high risk to the rights and freedoms of natural persons.” This is particularly relevant when a new data processing technology is being introduced. Our consultants can work with your organisation to provide you with a fully documented DPIA.
Data Breach Response Service
The GDPR makes the reporting of Data Breaches mandatory in some cases. In our experience, it is a case of when, not if you will be affected on some level. We can work with your organisation to plan and rehearse your data breach response plan. In addition, many organisations panic and make the wrong decisions immediately following a data breach. When availing of this service, our customers can rest assured that we will work closely with them to mitigate the breach. We will also fully document the breach. This is important as it will inform the customer as to whether they are required to notify the Data Protection Commissioner of the breach. If desired, we will also communicate with the Data Protection Commissioner on your behalf.
Service / Training Packages
We offer service and training packages that can be tailored to suit your organisation's particular needs. This can be anything from a review of your website privacy notice to a full review of your policies and procedures which includes in-house GDPR awareness training for your employees.