DPA Discover Service
In order to help your organisation get started in complying with the DPA 2018 legislation, our Discover service provides the following deliverables:
- DPA 2018 Compliance Gap Assessment: Risk Crew will assess your current data protection operations, policies, processes and controls against those recommended by the legislation to identify the current compliance “gap” and then generate a comprehensive report of our findings and recommendations to fill that gap.
- Compliance Activities Roadmap: Findings will include a detailed list of actions required for your organisation’s full compliance in a project plan format of your choice. The roadmap will cite specific actions required for compliance, proposed action owners, target completion dates and estimated budgets required.
- Stakeholder Workshop: Upon completion, Risk Crew will conduct a half-day workshop for key business stakeholders to ensure their understanding of the remedial actions needed for compliance and the estimated resources and timeline required.
This service results in a solid understanding of the law and what’s required from your business to comply.
DPA Assist Service
Need some more help? Our Assist service offers all deliverables from our Discover service plus the following:
- Identify, Locate and Classify Information Assets: Risk Crew will review your business model and interview your key business stakeholders to identify, locate and value the sensitive information assets processed, stored and transmitted by your organisation.
- Create Data Classification and Marking Schemes: Once these information assets are identified, we will create suitable classification and marking schemes to ensure appropriate handling and security controls are applied and Data Protection compliance requirements are met.
- Data Flow Diagrams: All information assets will then be documented citing their sensitivity level, value, owner and location in information technology systems for reference per the standard. This document provides the inventory for risk management.
- Template DPA Documentation for Customisation: Risk Crew will then provide a template of DPA documentation to include draft policies, privacy statements, data processor agreements, privacy by design policy, privacy by default policy, data retention plan, security requirements and controls, breach notification procedures, subject access request and privacy impact assessment forms for the organisation to customise to their business processes and risk objectives.
- Mock Audit to Ensure Readiness: When you are ready, Risk Crew will conduct a mock audit to ensure you’ve correctly implemented the recommended remedial actions and that DPA policies and procedures produce evidence applicable to demonstrate compliance to the law.
This service provides the framework essential for compliance and is ideal for organisations that have operational resources but specifically lack in-house data protection expertise. The outcome serves as the foundation for an effective, data protection programme and requires the implementation of remedial actions, policy customisation, control implementation and education of your users for completion of your compliance requirements.
DPA Implement Service
Need the full belt and braces? Our Implement service offers all the deliverables from both our Discover and Assist services outlined above in addition to the following:
- Customised Data Protection Documentation for the Business: Risk Crew will create a fit-for-purpose DPA set of documentation for the organisation to implement.
- Control recommendations: Risk Crew will also recommend cost-effective security controls where required to ensure DPA security policy implementation and compliance. Control recommendations shall include control objectives, control configuration (if required) control evidence and control testing procedures.
- Data Protection Security Awareness Training Programme: Risk Crew will provide computer-based data protection security awareness training to your staff to ensure their understanding cyber security threats to the personal data your business processes along with staff and management roles and responsibilities for compliance to policies and incident reporting in accordance with the legislation. Face-to-face workshops with data protection experts are also available in lieu of or to supplement this training, depending on your preference.
- DPA Compliance Workshop with Stakeholders to Ensure Understanding, Roles & Responsibilities: Upon completion of the above, Risk Crew will hold a full-day workshop with your key business stakeholders to ensure their comprehensive understanding of the legislation its goals and objectives, key performance indicators (KPIs), and staff roles, responsibilities and ongoing actions required for compliance.
This comprehensive service provides everything you need for your DPA 2018 compliance short of implementing the policies and the procurement of any controls needed and is designed for organisations looking for a cost-effective, turn-key solution.
This popular service can be augmented with our DPO On-Demand Service to ensure you have access to a dedicated resource with the skills and experience required for continuous compliance.
DPA Maintain Service
If your organisation is currently DPA 2018 compliant then you know that once you get compliant the challenge is to stay compliant.
Risk Crew can help you meet this challenge with a variety of Support Services from delivering on-going requirements such as privacy impact assessments and data processor audits to providing continuous ad-hoc advice and assistance to answer questions, clarify requirements and ensure you stay the course of compliance.
Give us a call and we can discuss and design a solution to meet your specific needs.