Professional, Innovative and Pragmatic
Data Protection Consultancy Service
At Kazient we have been engaged on a number of projects with a number of clients, from multi-national businesses to relatively smaller charities. The scope and range of the work that we have undertaken in the past means that however ambiguous the environment is that you work in or however unique your problem – we have the necessary skills, experience and expertise to find the most appropriate solution.
When it comes to Data Protection, it is easy to get bogged down in jargon and legalese – but we are here to always keep things simple and easy to understand. Please get in touch for a detailed discussion about how our Data Protection and GDPR Consultants can help you.
With Data Protection laws becoming ever more stringent, many businesses find that they need a fulltime Data Protection officer. Indeed, the law requires that certain companies employ a Data Protection officer in some capacity. However, for some companies it is just not feasible to employ a Data Protection expert.
At Kazient, we provide a service where we become your outsourced expert Data Protection Officer – which can save you serious time and expense. As your DPO, we can become a point of reference and provide ongoing assistance, training and guidance in all matters of Data Protection.
When it comes to using our services, the focus can be too narrow, or we provide a reactive service – fixing something that has already occurred. As your DPO we will provide continuous support to ensure that your company is safeguarded and well prepared before any Data Protection issue arises.
For detailed information about how our Data Protection and GDPR consultants can provide ongoing support with a DPO service, please contact us.
A non-European bank was recruiting applicants from Europe, bringing them in scope of GDPR regulations. The bank asked employment agencies to complete consent forms for the candidates so that they could accept the information in an appropriate way. However, the employment agencies said this was too burdensome and that no other employers made this request. The bank responded by saying that the law required this.
Kazient were invited to find a solution to the standoff by employing our expert opinion. We were able to identify the correct course of action to take and find the most practical and efficient route to being compliant.
Contact us for more details about how our Data Protection and GDPR consultants can help you.
With a gap analysis, our consultants will undertake an analysis of all of your companies’ workflows and processes to understand how data is captured, processed and maintained. It is through this that your company can gain a real appreciation of just how far the business is from being compliant in specific areas and be confident of the areas in which you are already compliant.
After the analysis is complete, we will build a thorough report, with clear and comprehensive steps for your company to take to quickly achieve compliance and be protected from any potential fines.
We can provide training for your company so that all your personnel can understand how to be compliant with Data Protection laws.
We can provide training on a number of issues whether that be managing subject access requests or drafting privacy notices. Everything depends on what your specific needs are, we can provide basic training for all employees across the company or run intensive Data Protection workshops for management.
For detailed information about the tailored training our Data Protection and GDPR Consultants can provide, please contact us.
If you feel that your company is unprepared for Data Protection regulations, we can provide an audit for all of your operations to identify weaknesses. By employing a third party to examine your business’s processes, you will put your company in the strongest defensible position with a Data Protection audit.
Our Data Protection and GDPR consultants can assist your company in creating impenetrable documents that are clear, precise and comprehensible.
This document informs your subject, all of the information that you are legally obliged to supply them with, such as what personal data the company is collecting, why they are collecting it, what they will do with it and how long they will keep it for.
These documents are a set of guidelines which a company will need to comply with in regards to the personal data they hold.
These documents will direct the company as to how personal data is handled and provide clarity as to who is responsible for what.
Under GDPR, Data Subjects have significant rights when it comes to requesting access to their data. Subjects can ask to have their data modified or erased, and these requests usually need to be processed in 30 days.
Not every company has enough Data Protection knowledge to really appreciate how and when these requests need to be processed. At Kazient we can assist in creating documents and guidelines to make sure your company is always prepared.
The law states that when someone’s data is collected, that person needs to be provided with a privacy notice. An Investment management company was fielding job applications, and an employment agency was adding applicants to the Investment management company’s application portal.
The employment agency did not provide their applicant’s contact details and instead where filling it in with the recruiters own details because they did not want to be removed from the employment process and lose out on any fees. As a result the company was unable to make the privacy notice available to the applicant.
From the situation it was unclear as to whether the employment agency should sign a contract to ensure they delivered the privacy notice, or whether the company should do something else entirely. At Kazient we helped find a solution to this impasse. This predicament also highlights the importance of having strong Data Protection procedures already in place.
Our Data Protection and GDPR consultants can put procedures in place for your organisation.
When a data breach occurs, speed is of the essence. At Kazient we have the expertise to respond to any breaches and help you to take the best next steps.
We will help you to mitigate any damage, prevent any further harm and to quickly identify how to prevent future occurrences of the breach arising again. We will report the breach to the Information Commissioners Office (ICO) within the allocated 72-hour timescale and then become the point of liaison between your company and the ICO.
Companies normally operate with a vast number of business relationships. By using data mapping, workshops and contract closures, we can gain a clear understanding of your relationships and how data is processed and transferred.
At Kazient, we can also conduct negotiations with suppliers and third parties to ensure that all of your business processes and agreements are appropriate when it comes to processing and protecting personal data.
Nowadays, with the advent of GDPR, contracts need to have adequate provisions regarding how data is controlled, who controls it and how it is processed.
Through our expertise, we can look at the transfer of information and draft or implement adequate provisions into the contract to safeguard data. Where necessary, we can also assist in putting robust procedures and target operating models.
This is a relatively new requirement under the law, where if your company adds a new process or changes a process, then a DPIA needs to be conducted, to identify how this process will affect any personal data.
Data is governed by a vast amalgamation of laws and directives which frequently say what to do, but rarely say how to do it.
Putting these abstract regulations into practice requires individuals who comprehend the laws, but who also have the understanding of how these laws relate to businesses in the operational sense.
Our exhaustive knowledge of Data Protection and our practical skills in implementing this knowledge means that if you are unsure and unclear as to which direction your company should take – we are best placed to guide you.
A data flow map identifies detailed gaps between actual practices and the legal requirements. It also builds trust and confidence in data subjects about how their data is being managed.
To effectively map data, you need to be able to identify its key elements.
Data items are the type of data being processed and the categories into which it falls. This includes a person’s name, email, address, health data, criminal records, biometrics and location data.
You must clarify how the data has been collected. Was it collected as a hard copy (paper records) or a digital copy (USB), or is it stored on a database?
Your organisation will need to look at how the data is being collected and transferred. This could be by post, telephone, social media, within your organisation or with third parties.
It is important to know the locations involved within the data flow. This could be an office, the Cloud or a third party.
Who is accountable for the personal data often changes as the data moves through the organisation, so it is important to keep track.
Your organisation will need to know who has access to the data in question.
Data flow mapping may seem daunting, but at Kazient we can simplify the process with our Data Flow Mapping Service.
For more evidence about how our Data Protection and GDPR consultants can help you, get in touch.
Company Registered in England and Wales. Company No. 09324798. 25 The Drive, Collier Row, Romford, RM5 3TP