Service to Organisations

Registration with ICO
  • The Data Protection Act 1998 requires every organisation that is processing personal information automatically or using an IT system to notify the Information Commissioner, unless they are exempt.
  • Failure to notify is a criminal offence.
  • Register entries have to be renewed annually. If you are required to notify but don’t renew your registration, you are committing a criminal offence.
Defining your privacy policy

A privacy policy is a legal document that discloses some or all of the ways your organisation gathers, uses, discloses and manages a customer's data. The content of the privacy policy we draft for you is based on the UK Data Protection Act 1998 and may address the requirements of multiple countries or jurisdictions if applicable to your organisation. To create your privacy policy we require a 5-day audit of your organisation.
Defining your information security policy

We can assist your organisation to design an information security policy that re-uses your existing technology and automates the security controls, thereby enforcing your security baseline automatically. This exercise requires a 5-day audit.
Defining your Data protection policies and procedures

We can assist your organisation to design and put in place efficient data procedures that support your privacy and information security policies. We will also ensure that your operational procedures are aligned with the policies. This exercise requires a 10-day audit.
Managing subject Access Requests

We can provide you with an automated Subject Access Request dashboard that will track your Subject Access Requests and centralise the operational controls to ensure your organisation responds to all Subject Access Requests within the 40-day limitation period. This exercise takes a 10-day audit to complete.
Managing data loss

When your organisation loses data, what do you do? Our service will provide you with the capability to:
   1. know when the data is lost
   2. identify the type of data lost
   3. implement the risk mitigation process
   4. kick off incident management procedures
Setting up a Data loss prevention programme

Our Data Loss Prevention (DLP) uses several systems that identify, monitor, and protect data in use (e.g., endpoint actions), data in motion (e.g., network actions), and data at rest (e.g., data storage) through deep content inspection, contextual security analysis of transactions (attributes of originator, data object, medium, timing, recipient/destination, etc.), and a centralized management framework.

The systems and process we put in place are designed to detect and prevent the unauthorized use and transmission of confidential information.
Privacy Audit

i. We provide privacy audits for organisations or for their suppliers and 3rd parties. We also provide audits in aid of mergers and acquisitions. The focus points for our audits are:

   1. To assess the level of compliance with the Data Protection Act 1998
   2. To assess the level of compliance with the organisation’s own data protection system
   3. To identify potential gaps and weaknesses in the data protection system
   4. To provide information for data protection system review

ii. Our audits take your requirements, carry out the audits and generate reports in relation to compliance or non-compliance. We also provide information about the controls that need to be implemented to mitigate the risks.
Privacy impact assessment

We can implement two types of privacy impact assessments (PIA):
1. One-off privacy impact assessments - these are designed to assess the privacy issues related to a project
2. We can put in a business process and web-based tools designed to enable you to carry out PIAs for your projects. This capability allows you to manage your PIA assessments and keep a record of them.
Outsourcing

Before outsourcing your services you ought to carry out due diligence checks on your supplier. These checks are vital in order to demonstrate that you have adequate governance in your organisation as well as to identify any potential weaknesses in your outsourcing partner's data protection framework.
3rd party privacy assessment

When dealing with suppliers, you ought to carry out due diligence checks on the suppliers you exchange confidential data with. You can instruct us to audit your suppliers and identify non-compliances as well as commensurate controls.
Organization Privacy Self Audit

When sharing information with suppliers it may be more appropriate to provide privacy self audits. They enable you to provide the criteria to be met; all suppliers complete the audits and send the reports back to you.
Information sharing Agreement

When sharing information with 3rd parties, you ought to have an Information Sharing Agreement (ISA) in place. We can assist you in putting in place a system for generating ISAs or put one in place for you manually.


Copyright © Data Protection Officer 2011.