Lead Services

img
Official Roles

EU Resident Independent Data Protection Officer (DPO) - The Regulations effectively mandate either a full or part-time non-conflicted responsible officer' who oversees good practice. We provide commercially experienced senior analysts or auditors for both part-time and external DPO's able to draw upon our updated information and supporting services to be kept aware of emerging best practices and case law.

Non EU Resident Organisation Representative -Working with EU organisations as a non-EU resident organisation becomes problematic. Non EU residents can elect to use a single countries national authority, or elect several authorities, according to their own data processing and operational structures. Yet the regulations go further and specify that all communications with a national authority must be in the local language and delivered by a resident of the EU. This creates the role of country representatives which is part of our services for GDPR long term.

img
Content Development

GDPR is not just an ICT challenge. As major a component of being compliant, substantial policy work is required either starting from the ground-up or by embedding industry best practices that fit with the organisations management culture. We create our customer content for ISO27001 and GDPR purposes while working with industry leaders and experts to introduce their materials and recommended practices. As of June 2018 we have GDPR, ISO27001, ISO45001 and ISO28001 content available. More will follow. Additionally, we work with a well known law firm to provide specific advice and guidance for those problematic situations that many organisations will face under the new GDPR regime.

img
Implementation Journey

Our approach is that of a journey defined as a current-state to the target-state, which must include technical, policy, process, marketing, legal, governance and controls. We identify the gaps or areas for improvement using online questionnaires and forms, used under the control of a dedicated analyst and later in the journey, auditor. The deliverable is a top-level plan that enables your further progress unaided; or becomes the starting point for our services that initiates resources, BoxedComply record keeping and monitoring, on a managed self-help or fully managed service.

img
Gap Reviews and Planning

Our approach is that of a journey defined as a current-state to the target-state, which must include technical, policy, process, marketing, legal, governance and controls. We identify the gaps or areas for improvement using online questionnaires and forms, used under the control of a dedicated analyst and later in the journey, auditor. The deliverable is a top-level plan that enables your further progress unaided; or becomes the starting point for our services that initiates resources, BoxedComply record keeping and monitoring, on a managed self-help or fully managed service.

img
Documentation and Progress Reporting

Record keeping and documentation is fundamental to GDPR compliance and clearly specified as such in the Regulations. Assuring accurate records and controls is critical in minimising the risks from an investigation by a national authority, creating an audit trail of documents and their approval over time.
Our service provides – Cheetah- an online platform as an organisation information management system. Cheetah is an intelligent record management system that supports the authoring, approval, and publication of all types of relevant documentation, policy, process diagrams, architecture diagrams, linked transformation maps, dash-boarding, inventories, and data dictionaries. Cheetah brings in additional to support other areas of compliance activity such as ISO277001 and similar.

img
Governance, Management Culture and Controls

Many organisations coming fresh to data privacy, will face the challenge of shaping a new governance framework for its executive, one that integrates GDPR with other compliance, legal and strategic commitments. This in turn drives management attitude and culture to itself become strategic rather than a given ‘as is’.
If this is part of your challenge, then our pool of associate consultants brings real world commercial and corporate experience to customers’ needs and aspirations.