Back

Blogs

NHS DSPT New Submission Requirements

View All

Case Studies

Powering Alt HAN Co.'s Smart Meter Rollout

View All

Upcoming Events

LEMA Summit 2024

View All

Webinars

Technology computer and internet cyber security and anti virus concept, Businessman pressing security shield with check mark icon with blurred office background.Technology computer and internet cyber security and anti virus concept, Businessman pressing security shield with check mark icon with blurred office background.

Your Annual GDPR Check

All organisations should check their data protection compliance every year.

Our privacy maturity assessment tool is based on the ICO’s accountability framework and helps you understand your priorities for next year and demonstrate your progress this year.

Independent support for your privacy programme

Your privacy maturity report will demonstrate to your senior leadership the value and impact of your privacy programme. It will also set out clear recommendations to help you build the case for continued investment. Our independent expertise and experience across a range of organisations will assure your leadership team that your priorities will be impactful.

What is covered by the report?

Meet the team Icon
Collaboration icon
Contracts Icon
Cyber Threat Detection

Leadership and oversight

This section looks at your organisational structure, roles and responsibilities including your data protection officer (if you have one), and how you make sure information governance activities are completed.

Policies and procedures

This section looks at your process for creating and sharing policies and procedures, how staff find and learn about these and how you make sure data is protected by design and default.

Training and awareness

This section looks at your induction, annual refresher and role-specific training. We will look at how you ensure your training covers what matters to you and that your staff understand it.

Individuals’ rights

This section looks at how you handle data subject rights requests, including how you would cope with a sudden influx and how you make sure they are completed correctly and within statutory time frames.

Transparency

This section looks at your privacy notices and how you make sure they work for your audiences. We will look at how you ensure they are up-to-date and easy for people to find and understand.

Records of processing activities and lawful basis

This section looks at how you create and maintain records of the processing you do and how you make sure your processing is lawful. We will look at your processes, privacy notices and focus on how you handle processing on the basis of legitimate interest and consent. If you process children’s data we will also look at your parental/guardian consent processes.

Contracts and data sharing

This section looks at how you handle contracts with third parties and make sure personal data is protected when you use other organisations to help you process it.

Risks and data protection impact assessments

This section looks at how you identify, record and manage data protection risks.

Records management and security

This section looks at how you handle personal data and protect it from information security risks. We will look at how you make sure it is suitable for your purposes and ask you about specific information security controls such as access controls, remote working and business continuity preparations.

Breach response and monitoring

This section looks at how you detect, manage and handle breaches and incidents.

Our Experts