Consultancy Services from HMC Ltd.
OUR RANGE OF CONSULTANCY SERVICES
Compiling data asset register and data mapping
Identifying the personal data an organisation is responsible for
Cataloguing:
Where and why the data is held and how it is used
The type, volume and “risk” level of the data
Who is responsible for managing it
Impact assessments and gap analysis
Reviewing how data in a dataset is processed
Determining if processing is compliant
Identifying “gaps” between current practice and full compliance
Developing an action plan to fill the gaps
Records of Processing Activity (RoPA)
Preparing and maintaining RoPA
Compiling ongoing records of:
The legal basis upon which personal data is held
How the data is processed
How, why and where the data is transferred
Security protocols used to protect the data
How long the data is retained and its disposal
Policy drafting and review
Privacy and cookie policies
Informed consent forms
General data protection policy
Retention policy
Various employee policies
Data protection training
Providing ongoing training to embed a data protection culture into an organisation, including training for:
Senior managers accountable for data protection
Data managers responsible for personal datasets
Front line staff handling and processing personal data
Data sharing and data transfers
Advising, drafting and reviewing data processing and data sharing agreements with third parties
International data transfer mechanisms and agreements including the use of Model Contract Clauses (SCCs) and Binding Corporate Rules (BCRs)
Privacy by design advice
Ensuring data protection principles are designed into new business activities from the start to the finish of a project:
Considering GDPR principles at all development phases
Providing data protection expertise from the outset
Advising on a risk-based approach to the project
Data protection readiness
Readying organisations for external data protection compliance by, for example:
Financial Conduct Authority (financial services)
Care Quality Commission (medical and healthcare)
Ofsted and ISI (schools and education)
Government Internal Audit Agency (government agencies)
Commercial due diligence for M&A activity