Data Protection risk management and compliance require your organisation to have appropriate organisational and technical controls. Castlebridge has over a decade of experience working with clients to assess their Data Protection Capability and develop practical and achievable roadmaps to deliver sustainable improvements in the day-to-day governance and management of personal data in the organisation in a way that helps you to deliver business value and demonstrate progress.
Capability Assessment / Audit
Privacy Impact Assessments
Where a type of processing, in particular using new technologies, is likely to result in a high risk to people’s rights and freedoms, organisations should carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. In some cases, this can be an onerous task. However, in our experience a DPIA can be a very positive exercise as it affords you the opportunity to step back and, with our help and guidance, objectively look in detail at the project you’re undertaking. In particular, the risk register element of this process opens up your thinking around how the organisation works and what improvements can be made, strategically, operationally and financially.
Register of Processing Activities
A key component of managing Data Protection Risk is the development of your Register of Processing Activities (ROPA). This is valuable even for smaller organisations, and can deliver benefits far beyond Data Protection compliance. Castlebridge has extensive experience helping organisations develop and define their ROPA. This review of your data processing activities gets to the bottom of Who does What, Where, Why, and How with data in your organisation. This forms the basis for good data governance, improved data quality, and reduced waste and inefficiency in data.
Whether as a standalone engagement or in conjunction with some of our other services, contact us to find out more about our ROPA services.
Data Protection Officer
Under the General Data Protection Regulation, many organisations have to appoint a Data Privacy/Protection Officer. We have long recommended DPOs as a matter of ‘good practice’.
Since 2011 we have offered a virtual DPO service, “ClouDPO”, to help develop your internal Data Privacy Governance and Culture.
Many of our clients need a flexible, cost-effective method of delivering Data Protection Officer services and have gained valuable insights and knowledge from our confidential, pragmatic, partnership approach.
GDPR requires that, with limited exceptions, organisations not established in the EU who process personal data of people in the EU designate a representative to act on their behalf in the EU member states. We offer a variety of solutions for organisations who may need a Nominated Representative in the EU.
As the UK becomes a third country under GDPR post-Brexit, we have joined with our UK-based partners, Ethidata, to provide a Nominated Representative in the UK for organisations who need to comply with the post-Brexit amendments to UK Data Protection law.