Compliance Requirements for Organisations
What does the law say you must do to achieve compliance?
You must comply with the rights of data subjects (these are the persons whose information you collect, store, share, delete, etc.).
You must be registered with the Information Commissioner’s Office if you process (e.g. handle or use in any way whatsoever) the personal information of data subjects.
You must complete and submit every calendar year to the Information Commissioner’s Office a data protection impact assessment of all the personal information you hold.
You must appoint a data protection officer to monitor your compliance with the Data Protection Act (unless you are exempt by law).
You must comply with the eight data protection standards.
We can help you to achieve compliance with your legal obligations by:
Designing and delivering bespoke training on data privacy and data security to staff at all levels so that everyone is able to understand the relevance of the Data Protection Act to their respective role.
Providing further specialist training and ongoing support for Data Protection Officers.
Helping you to identify the personal information you hold, map your data flows and build data inventories so that you can achieve registration compliance with the Information Commissioner’s Office.
Delivering practical solutions in managing and mitigating risks by completing the mandated data protection impact assessments.
Advising and developing robust systems and processes for managing records so that you are clear about what information should be retained, the retention periods and how to use, share and dispose of information securely, safely and confidentially.
Supporting you with the management of requests from persons wishing to access their records, including the resolution of complaints arising from such requests.
Coordinating, investigating and advising on data breach and action planning.