Data Protection Services
Introduction
Every organisation collecting and processing personal data must comply with the Data Protection Act (DPA). Any personal data processed by the organisation must be handled in accordance with the eight principles of the Act under Schedule 1.
An organisation is in breach of the Act if the personal data collected is misplaced or disclosed or not kept secure. Any breach may lead to adverse publicity and reputational damage, not to mention fines and prosecution by the Information Commissioner's Office (ICO). Since April 2011 the ICO has had powers to fine up to £500,000 for non-compliance.
Sometimes it can be a very daunting challenge for organisations to comply with the Data Protection Act and the associated regulations. We can guide you through the policies and procedures to help you stay on the right side of the law. Incoming Thought offers the following services designed to help you conform and comply with the Data Protection Act.
DPA Consultancy
We can help you devise policies, procedures and processes to meet your legal obligations.
Our consultants, while understanding your business requirements, will objectively assess your business practices and IT systems and prepare the documents and measures needed for compliance with the DPA to reduce the risk of a breach. Once the policies and procedures are in place, we can implement them for you. We can also assist with detailed aspects of data protection, for example data quality, data integrity, data deletion and security.
Gap Analysis
One of the greatest challenges facing organisations today is to classify and record the volume of personal data held. Our analysis report will provide you with a clear outline of the current gaps against the requirements of the Data Protection Act. Having identified the gaps, we recommend appropriate actions according to current industry best practices.
Auditing Services
Auditing compliance is essential, as it helps to identify whether the policies and procedures are actually being implemented by employees in the organisation. Data Compliance Officers are not always able to perform an audit from an independent perspective. We are able to do this, and all the audits are scoped with the project management team. The Audit Report will set out our findings, identifying areas of non-compliance and, where appropriate, making good practice recommendations. Other areas of audit we offer include auditing applications for personally identifiable information (PII), either in development or in use.
Awareness Programmes
To conform with the Data Protection Act, all employees need to be aware of their responsibilities in maintaining compliance and of the consequences of failure to comply. We can run Awareness programmes designed to provide your staff with all the practical knowledge and skills needed to comply with the Data Protection Act. The in-house Awareness programme is a cost-effective way to train staff, and they don’t have to take time away from the workplace.