GDPR Consultancy

GDPR CONSULTANCY SERVICES

The General Data Protection Regulation (EU) 2016/679 (GDPR), together with the Data Protection Act 2018 (DPA 2018), forms the data protection regime in the UK. The changes introduced by this regime mean that most organisations need to review how they process personal data and the controls associated with that processing.

Our experienced GDPR professionals provide organisations of all sizes with tailored support at any phase of the GDPR compliance journey.

Our GDPR Readiness modules offer organisations the following GDPR compliance services:

GDPR Audit Service – An independent audit of your organisation's GDPR compliance.

Once we have issued your GDPR Audit Report, we can, if required, provide the advice and support you need to implement best practice and address any compliance risks identified during the audit. We will be there for you at every step of your GDPR compliance journey.

1. We will work closely with you to understand your organisation's objectives and define the full scope of the GDPR Audit.

2. We will develop and agree a GDPR Audit Framework based on your organisation's requirements before conducting a detailed GDPR compliance audit.

3. We will audit your organisation's policies and procedures and interview the people within your business who hold key management and data processing responsibilities.

4. We will deliver a comprehensive GDPR Audit Report containing a summary of our observations, evidence of good practice, opportunities for improvement and clear recommendations for addressing any GDPR compliance non-conformities identified.

GDPR – Enterprise Gap Analysis (Risk-Based Approach) – Incluzion Business Consultants will work with stakeholders across the strategic levels and key business operations of your organisation to understand and assess your key privacy touchpoints and data flows, and will build a privacy recommendation report against your present and future state and your risk posture. We will build a practical remedial action plan and roadmap to guide your organisation in implementing the GDPR.

1. One of our highly experienced GDPR Consultants will review your Privacy, Cookie, Data Protection, Confidentiality and Information Security strategies, policies and standard operating procedures, interview employees with key data processing responsibilities within your organisation, and review key data processing systems to identify any GDPR compliance gaps.

2. We will then develop a GDPR Gap Analysis Report detailing any compliance gaps identified, along with recommendations for risk management and process improvement. This gives you the framework needed to embed GDPR compliance best practice into your organisation's business-as-usual activities, paving the way for you to process personal data confidently and securely.

3. You will then have the option of adopting the recommendations in the GDPR Gap Analysis Report yourself, or commissioning Incluzion Business Solutions to provide as much advice and support as you need to close the gaps identified by implementing tried and tested GDPR compliance best practice: from policy and data processing agreement drafting and GDPR training through to managed Data Protection Officer services.

System Readiness Assessment – The IncluzionBS System GDPR Readiness Assessment is an in-depth analysis of a specific application or data collection method to establish the full privacy requirements across the lifecycle of the system or service. The assessment consists of:

  • Assessment of the technology in use, including a detailed assessment of Privacy Enhancing Technologies (PETs).
  • Global Data Flow Mapping (GDFM) and Global Data Flow Compliance (GDFC), completed to understand the data types in scope and the privacy touchpoints across the lifecycle of each data type.
  • Technical assessment of the technology used to process the organisation's data, gaining a deep understanding of how data is protected and processed in order to inform you of any vulnerabilities that require attention.
  • Production of a privacy enhancing roadmap. Incluzion consultants will provide a roadmap for improving your operations for data privacy, with practical guidance on technical and business process improvement.

IncluzionBS consultants will engage key technical and business process owners and subject matter experts within your organisation in a series of interviews and workshops to develop and understand all data flows, whether across your organisation's operations as a whole, within specific systems, or with third-party vendors and suppliers.

This is conducted in accordance with industry good practice. An enterprise-level Privacy Impact Assessment (PIA) is strategic in content and focuses on the organisation as a whole. A system-specific PIA is granular in nature, focuses on a specific set of business operations and is accompanied by detailed guidance on any remediation activity.

Data Protection Impact Assessments (DPIAs) help you to proactively identify and control GDPR compliance risks and embed Data Protection and Privacy by Design and by Default into all of your personal data processing activities, systems and technologies. Conducting robust DPIAs on your own can be a complex task, particularly when the processing activity your business intends to undertake is multifaceted, innovative or inherently privacy invasive.

Our Data Protection Impact Assessment services provide your business with the independent expert advice and support it needs to conduct thorough DPIAs in compliance with the GDPR.

1. We will work closely with you to identify the scope of the DPIA, with particular regard to your organisation's intended data processing activities and the nature of any third-party involvement.

2. We will interview those with key responsibilities for the design and delivery of the intended data processing activities and review any associated documented policies, procedures or product/service designs.

3. We will report our findings, setting out any identified risks that are likely to affect the individuals whose data you intend to process, with clear recommendations for safeguards that can be implemented to reduce the likelihood and impact of those risks.

4. If risks are identified that cannot be readily mitigated, we will support you through the process of consulting the UK Information Commissioner's Office (ICO), which has the power to ban the processing activity if you cannot demonstrate that appropriate safeguards are in place.

We review a company's application or set of systems to assess it against the Privacy by Design principles:

  • Proactive not reactive; Preventative not remedial.
  • Privacy as the default setting
  • Privacy embedded into design
  • Full functionality – positive-sum, not zero-sum
  • End-to-end security – full lifecycle protection
  • Visibility and transparency – keep it open
  • Respect for user privacy – keep it user-centric

Incluzion Business Solutions uses a blend of these services to provide an organisation with either an Enterprise Readiness Assessment or a Privacy Technology Assessment, and combines this with technical penetration testing to validate that data is secured appropriately.

A data breach can be extremely damaging to an organisation's reputation. Bridewell provides an incident response service that assists the company in managing a data breach and liaising with the relevant supervisory authorities. This can be provided on an ad-hoc basis or as a contracted service throughout the year.

GDPR Training – Training will consist of:

1. GDPR Rights

2. GDPR Responsibilities

3. GDPR Risks

4. GDPR Compliance

Who is it designed for?

Incluzion Business Solutions GDPR Training is ideal for practically anyone who works for an organisation that routinely processes large volumes of personal data and needs a high-level understanding of what the GDPR means for them, along with real-world insight into the practical steps they can take to comply, including:

  • Small to medium sized business owners (and start-ups)
  • Senior Managers (HR, Marketing, IT, Customer Services, Finance, etc.)
  • Senior Information Risk Owners
  • Data Protection Officers – Data Stewards
  • Heads of Compliance & Legal
  • Information Governance & Security Managers
  • Digital Transformation Programme Leads – Data Sharing Programme Leads
  • IT Solutions Developers – Head Teachers & Safeguarding Leads
  • Academic Researchers & Students

Outsourced Data Protection Officer – IncluzionBS understands that appointing a DPO can prove a challenge for most organisations, given the added cost and the shortage of qualified and experienced DPOs. Where it is not financially viable or practical to hire or appoint a DPO, IncluzionBS can provide your organisation with an independent DPO in accordance with the guidance published by the Article 29 Data Protection Working Party, who will:

1. Inform and advise your organisation and the employees who carry out processing of their obligations under the GDPR and other Union or Member State data protection provisions (including those of the UK post-Brexit).

2. Monitor your organisation's compliance with the GDPR, with other Union or UK data protection provisions and with your own policies, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits.

3. Provide advice where requested on data protection impact assessments and monitor their performance in accordance with the requirements of the GDPR, including when a DPIA must be completed and what its minimum contents are.

4. Cooperate with and act as the contact point for the data protection authority (e.g. the UK Information Commissioner's Office, ICO) on issues relating to processing, including where prior consultation with the ICO is mandated for high-risk personal data processing activities.
