Navigating the complexities of data protection can be challenging. Our compliance services are designed to simplify this process, helping you achieve and maintain the standards required to protect your organization and customers.
Compliance with applicable laws and regulations is essential for all organizations that handle data as part of their daily tasks. Interpreting the legal requirements and applying them to your organization is a complex matter, even more so when operating in multiple jurisdictions. In addition, case law and precedent in common-law jurisdictions may complicate matters further.
The ISO 27001:2022 standard makes reference to the protection of Personally Identifiable Information (PII) in control A.5.34, highlighting the importance of compliance within information systems.
Alongside the GDPR and its UK counterpart, the UK GDPR, data protection laws and regulations worldwide are increasing in number: the CCPA in California, the DPDP in India and the PIPL in China have joined existing ones such as COPPA, PIPEDA and HIPAA.
At Dionach, we take all of the factors mentioned above into consideration, adding any relevant guidance issued by Supervisory Authorities, to assess your current Data Protection practices and provide sound recommendations towards compliance and to enhance your privacy posture.
Dionach can assist with conducting gap analyses and with reviewing and improving internal documentation in terms of policies, processes, procedures, Data Processing Agreements (DPAs), Records of Processing Activities (RoPAs) and Data Protection Impact Assessments (DPIAs). Although good documentation is essential for accountability, we also analyze how design effectiveness correlates with operational effectiveness.
Our subject matter experts can also offer guidance on Data Protection tier-based training, management of Data Subject Requests, and the state of the cookie banner and the cookie policy.
Our consultancy services include horizon scanning of Bills and legal drafts ahead of their entry into force, to help your organization prepare and be proactive.
The gap assessment is a high-level review of the privacy information management currently in place. ISO 27701 extends the ISO 27001 ISMS with requirements specific to the role your organization fulfils, as Data Controller or Data Processor.
During the gap assessment, Dionach will provide an overview of the requirements in these areas, and of any other areas discovered where the requirements of the standard are not in place.
The gap analysis is a high-level review of the current state of data protection practices in place. Dionach experts will assess compliance with data protection principles at the operational level, reviewing the suite of policies, including the Privacy Policy, Cookie Notice and Cookie Banner, and other documentation such as the Records of Processing Activities (RoPAs).
For entities established in the UK, we can base our report on the ICO’s Accountability Framework, with its main ten areas to cover.
During the gap analysis, Dionach will provide an overview of the requirements in these areas, and of any other areas discovered where the requirements of the GDPR are not in place.
When becoming aware of a data breach, your organisation needs to act promptly and effectively in order to reduce the potential impacts. Dionach experts can offer different types of support during the incident, working within your Incident Response Plan (IRP), or applying best practice in the containment, eradication, and recovery phases.
The flow of communications with internal stakeholders and external parties must be restricted to what is necessary, whilst allowing remediation activities.
Dionach experts can help decide whether the data breach should be reported to the Supervisory Authority, and to the data subjects whose personal data has been affected by the incident.
Data Subject Requests can be made by any individual and range from ‘what personal data do you hold about me?’, to requests for corrections to keep personal data accurate, or demands to cease marketing communications. It is important to understand that not all requests are absolute; some can be rejected based on an overarching lawful basis of processing, or where requests are manifestly excessive.
Dionach privacy experts can help your organisation discern how to meet the requirements, prepare templates for communications, and devise ways to improve efficiency to meet the target timeframes.
Transfers of personal data beyond the 27 Member States of the European Union, other than to countries that have received an adequacy decision from the European Commission, need to follow Binding Corporate Rules (BCRs) or Standard Contractual Clauses (SCCs) for the transfers to be lawful.
Currently, the mechanism for lawful transfers between the EU and the US is the Privacy Management Framework (PMF), with a bridge between the US and the UK.
Dionach experts can review all relevant documentation, or draft new documents, to ensure that your operations are sound and safe from a data protection perspective.
Training, education, or awareness programmes can be customised around the needs of your organisation, for specific teams, or be tier-based, accommodating the different needs of your workforce.
Training modules can be delivered onsite or remotely and aim to engage the audience in an interactive manner, enticing participation. Drawing from Dionach expertise, real-world examples and current supervisory guidance are embedded in the syllabus, using pedagogical methods to impart the information and make the content more memorable.
Some of the documentation that needs to be maintained for data protection compliance can be complex in nature, especially for geographically dispersed organizations handling large volumes of personal data. Dionach experts can assist with the following, either by creating bespoke templates, completing the documentation, or reviewing existing documentation with the aim of ensuring that no deficiencies or oversights exist.
We deliver the whole spectrum of cybersecurity services, from long-term, enterprise-wide strategy and implementation projects to single penetration tests.
Our team works with you to identify and assess your organization’s vulnerabilities, define enterprise-wide goals, and advise how best to achieve them.
Our recommendations are clear, concise, pragmatic and tailored to your organization.
Independent, unbiased, personalized – this is how we define our services. We guide you to spend wisely and invest in change efficiently.