Data Protection Services
As the staging date for GDPR looms, tlam is offering Data Protection Services to all sorts of companies, trusts, law firms and other organisations across the UK.
We are focused on making sure that firms are not only compliant, but also managing data in a way that is fit for the fourth industrial revolution and the future data rights of individuals. Our approach is centred on our risk mitigation pathway model, which starts with looking at your communications, culture, business process and your IT systems so that insurance and dispute resolution tools are used sparingly.
This approach is total; starting with training and education, we want companies to truly get to grips with the legislation. Our training is aimed at showing how firms can really add value to their clients by understanding and empathising with individuals and their data rights, particularly around Erasure, Portability and Accuracy.
If you still need to implement GDPR compliance, we can pick up the project from any point and take it to a high degree of compliance so you can continue with your business unencumbered by regulatory worries.
If you want to have someone monitor your systems on a regular basis, we have Data Protection Officers ready to take on that responsibility for you.
GDPR compliance – why you should appoint tlam to be your Data Protection Officer
There is a lot of preparation to be done before the GDPR Data Protection Laws come into force on May 25th. Amongst other things, you have to document every process you carry out which involves personal data, identify all of the types of data, the legal basis for holding it and how long you retain it for, and document the measures you take to make it secure. You also have to write Privacy Notices, have Processor agreements and lots more…
There is something else you have to do… you have to evaluate and document your reasons for deciding whether or not you need a Data Protection Officer, and the chances are that you will need one…
And the Data Protection Officer has to have particular skills and attributes and a particular position in your organisation:
- They have to be invited to participate regularly in meetings of senior and middle management, and their opinions on data protection must be given due weight
- They must be given the time, resources and training required to carry out their tasks and maintain their expert knowledge
- They must be able to perform their duties in an independent manner and cannot be instructed
- There can be no conflict of interest so they cannot hold a position in your organisation which leads them to determine the purposes and means of processing personal data (so they cannot be a member of your senior team)
- They cannot be dismissed or penalised for performing their tasks and this includes absence or delay in promotion or other benefits as well as dismissal
- Data protection compliance is a corporate responsibility of the data controller not of the DPO
So this is a very difficult appointment to make
But help is at hand –
The Article 29 Working Party Guidelines on Data Protection Officers (“DPOs”) outline how the function of the DPO can “be exercised on the basis of a service contract concluded with an individual or organisation outside the controller’s/processor’s organisation”.
WP29 states that in such an arrangement “individual skills and strengths can be combined so that several individuals, working in a team, may more effectively serve their clients”.
We at tlam agree
The Working Party recommends that in this case there is a clear allocation of tasks within the DPO team with a lead contact and person in charge assigned to each client.
We at tlam agree
We believe that we already have a good understanding of your business from our experience of working for Law Firms, so let us work with you and take away the headache of appointing a suitable DPO when we can do this role for you effectively and in a much more cost-effective way.
Process to achieve GDPR Compliance
The Information Commissioner's Office has prescribed its 12 steps to take now to be GDPR compliant. In terms of following these, we have broken them down into three overall stages to help achieve and maintain GDPR compliance.
- Identify & Analyse
- Plan & Implement
- Ongoing Management
Rigorous Due Diligence and Audit on your Supply Chain
Our Service is dedicated to making sure you have covered every corner of your supply chain. We pay particular attention to those that manage your digital data, whether that is your practice management system, hosted IT provider or mobile app. We want to make sure that every corner of your business operations stands up to scrutiny.
Fostering Data Privacy By Design in your team.
The implementation of GDPR compliance is done at its best when your team is on board and understands why the regulations exist. We provide information packs, starter kits and videos to break down the regulation into chunks and make sure stakeholders participate in any changes required.
Training Focused on Data Rights of, and Risks to, the Individual
- To be informed
- Restriction of Processing
- Automation and Profiling
A project pack focused on mitigating Data Risk.
Outsource your DPO to us
We have Data Protection Officers who are here to look after your company as well as they look after our own. With experience ranging from the third sector to PLCs, our DPOs are here to provide those crucial monitoring, management and review functions to make sure you are maintaining quality data governance.