CLF Consulting gives data protection advice, support and training. We also offer Data Privacy Officer mentoring and services to help you be compliant and avoid both fines and prosecution.
Every UK business that holds personal data (as little as names and addresses) needs to comply with the best practice principles of data protection law
Is your business doing what it should to protect personal data? Contact us today for a no-obligation health check or executive briefing.
Advise: Experienced, Independent Guidance On Data Protection
Train:Real World, Best Practice, Data Privacy Training
Protect:Data Protection Health Checks, Reviews And DPO Services
Demonstrating that data privacy is important to your organisation starts at the top. Through executive briefings, comprehensive compliance reports. CLF Consulting can help you understand the impacts on your business and recommend how data privacy should be managed on a day-to-day basis.
If you’re reading this and the worst has already happened; call us on [tel] to discuss how we can help you manage your current situation, as well as giving you advice and liaise with Regulatory bodies about their breach notification.
We spend time getting to know your business, any high-risk areas, operational restrictions etc. We then discuss and plan a programme of training to suit your operational and budgetary requirements.
Benefits of bespoke training:
Under the new EU General Data Protection Regulation, Public Authorities and companies who process large volumes of personal data and/or process special categories of personal data must have a designated Data Protection Officer. The DPO must be adequately qualified, in particular an expert knowledge of data protection law and practice.
In most businesses data protection administrative responsibilities are delegated to capable employees. Sometimes these are qualified data privacy professionals, but predominantly not. As a business you must ensure that the support, tools and budgets are available to them in order to carry out this role effectively.
It is also important to note that even when DPO responsibilities have been delegated, the overall responsibility of data protection compliance stills remains with Senior Management.
From experience, the DPO role can be very isolated and often challenging. Especially when:
Our mentoring service, with your commitment, enables us to work alongside that individual and equip and prepare them to carry out the basic administrative tasks; helping to affirm them and give them confidence in the subject.
Following discussions with you about your business, your data protection obligations and the nominated individual – we would prepare a mentoring package that we believe is suitable for your business.
To book a mentoring session or discuss our DPO Mentoring programme please call 07793600650 or email us on firstname.lastname@example.org.
Following an initial meeting to understand your needs, and a possible compliance assessment, CLF Consulting provides your business with a summary of compliance activities suitable to your business and agree which we will carry out on a sub-contract basis.
DPO services may include all or some of the following, all of which CLF Consulting can support you with:
CLF Consulting works with organisations to help them protect the privacy of their data. These services typically include:
Understand what the law says and your organisation’s responsibilities towards data privacy and protection. Executive Presentations are an ideal start to your company’s commitment to Data Protection as they give board members an overview of the legislation, how this impacts organisations and directors’ responsibilities to manage and minimise the risks.
Many companies also benefit from further presentations after Privacy Impact Assessments as well as understanding the implications and remedial action required following a data privacy breach notification.
Health Checks / Privacy Impact Assessments (PIAs)
Most businesses are not aware of the volume of personal data they are processing or the risks associated with it.
PIAs are a useful tool to help organisations to view their processing practices in full and properly consider and address their privacy risks. It is also a great way to recognise good practice. These practices can often be duplicated throughout a business allowing consistency in policy and process models.
When carrying out a PIA we spend time on-site getting to know your business, talking with employees and reviewing your current policies and procedures. A report is then produced identifying key risks, the potential costs of these risks to your business and recommendations to mitigate them. We will continue to work with you, where you choose, to implement any necessary changes.
Following an initial PIA it is recommended that these be carried out on an annual basis to ensure that good practices are being maintained and there are no new risks within the business. This is also a requirement of the new EU General Data Protection Regulation. On-going support can also be factored in to your risk strategy/solutions should you require it.
PIAs can be carried out for full or parts of your business operations and we also offer Executive Briefings to present the findings to your management team.
Experience has taught us that the best data protection practices take into account the people and processes within an organisation. Data Protection is a confusing subject and if misinterpreted or ignored can lead to financial as well as operational penalties. In some cases, this could attract fines of up to 4% of turnover or €20m.
Our consultancy services provide you with a practical way to manage your risks, whether that is on a short or long-term basis. These include:
Subject access is one of the main rights of the Data Protection Act. It gives people the right to access any personal information you have about them. This is not just within HR but all systems; manual and electronic and does include email. Access requests may also be received from third parties but whom can you legitimately release this information to?
What is a Subject Access Request (SAR)?
Who should process a SAR?
What information should be released?
What information should not be released?
Timeframes for disclosure
Audit trail and record retention
As an employer, you have responsibilities to ensure your employees’ personal details are respected and properly protected.
What the Data Protection Act means to an employer
Recruitment and selection
Monitoring at work
Information about workers’ health
What rights do workers have?
This course is designed to break down the barriers between legislation and good business practices. We will go back to basics, looking at the history of the Act, what is expected of you, how the pending changes to the Act may influence processing practices and also give you some practical ideas and solutions to maintaining compliance within your business.