MyDPO is our flexible service for statutory Data Protection Officers (under Articles 37-39 of the GDPR), for Chief Privacy Officers, and for other in-house privacy teams.
We can help you to understand whether or not you are required to appoint a DPO and the best approach to ensuring that your organisation delivers on its legal requirements under the GDPR. Where you are not required to appoint a DPO, we can help you to understand the options for ensuring effective data protection compliance in your organisation.
Second Opinion Service (S.O.S)
Organisations that are pursuing a business transformation programme for the GDPR or any other data protection legal framework sometimes require a second opinion on the focus, priorities and design of that programme.
Whether you have highlighted potential failings, or just want peace of mind, our second opinion service provides an independent, impartial and informed assessment of any aspect of your data protection programme or framework against any benchmark or metric that you may choose, including the current priorities of the regulators, privacy advocates and the courts.
Failure to recognise that complaints have been made, or to handle them properly, is often the root cause of very serious legal problems, such as regulatory investigations, enforcement actions, litigation and compensation claims.
Our complaints handling service provides an end-to-end solution for the challenges that this area involves, from understanding the reasons why complaints are received and defining your strategy for complaints handling and response, through to training your staff to recognise and respond to complaints effectively.
Data Subject Rights handling
People are empowered by a variety of data subject rights. These rights are designed to help put people back in control of their personal data. In exercising these rights, people have a direct channel into the heart of your business and the data processing activities that you are undertaking. If a rights request is mishandled, this gives people the right to take court action, including to sue for compensation, and the right to take complaints to the data protection regulators. As well as triggering very difficult legal problems, rights mishandling can damage trust, brand and reputation.
Our Data Subject Rights handling service provides end-to-end support for all rights handling.
Personal Data Breach handling
Under the compulsory Breach Notification requirements introduced by the GDPR, organisations have a statutory duty to report certain types of security breaches to the regulators and to people affected. The rules for notification are complex and can be very difficult to operationalise in practice.
Failure to understand and properly implement these requirements can increase the risks of non-compliance and potential over-notification, attracting unnecessary and unwanted attention from adverse scrutineers.
Our Personal Data Breach Handling service provides support for all aspects of breach handling.
Disputes and Litigation
Data protection disputes may arise following a complaint to the organisation or the regulators; after a rights request; as a result of a personal data breach; or due to a failure to deliver on business-to-business contractual requirements. In serious cases, these disputes can escalate into regulatory enforcement actions, litigation and compensation claims, with longer-term impacts for trust, brand and reputation.
Our disputes and litigation service can help you to manage all aspects of dispute resolution, including providing advice on your legal standing and representation in mediation and arbitration proceedings, regulatory investigations and enforcement actions, and court and tribunal proceedings.
Other Data Protection and e-Privacy services
Our multi-disciplinary data protection team includes practising lawyers, management consultants, auditors, risk professionals and forensic investigators, who work together under our Privacy Transformation methodology. Privacy Transformation provides full end-to-end support with all aspects of data protection and e-privacy, including:
- legal advice and compliance requirements;
- data protection framework and target operating model design and development;
- data protection and e-privacy programme design, set-up and management;
- risk and compliance assessments and gap analysis;
- policy, processes and controls development and testing;
- training and awareness;
- ongoing performance monitoring and assurance; and
- support with all day-to-day data protection and e-privacy matters.