Thistle Initiatives offers a comprehensive range of compliance solutions in relation to:
- the Data Protection Act 1988 (DPA)
- the Information Commissioner’s Office additional enforcement powers in relation to the Privacy and Electronic Communications Regulations
We’re also already working with firms to identify the implications for their business, their processes, systems and staff of the forthcoming GDPR.
Understanding your needs
Our starting point is always to ensure we understand your firm’s requirements in terms of holding and handling data, the challenges you face and your concerns.
We undertake a basic healthcheck to provide an overall assessment of your needs and the key areas to be addressed.
If need be, we can carry out a more detailed audit to look at the policies and procedures your firm has in place to regulate the processing of personal data, how well these meet the current requirements, and how effectively they work in practice on a day-to-day basis.
Typically we will consider issues such as:
- Data protection governance;
- Staff data protection training and awareness;
- Security of personal data (manual and/or electronic);
- Requests for personal data;
- Information sharing;
- Records management;
- Privacy Impact Assessments.
Are you preparing for GDPR?
In May 2018 the EU General Data Protection Regulation (GDPR) comes into effect and will apply to the UK regardless of Brexit.
The GDPR is a major shift in the requirements surrounding the handling of data and if your business is impacted you should already be thinking about, and planning for, change.
Is your business affected?
The regulation applies to organisations which control or process data from EU residents. Even if the organisation is based outside the EU, if the data your business controls or processes is personal data of an EU resident, then the Regulation will apply. If your firm is currently subject to the DPA, it is likely that you will also be subject to the GDPR.
To support firms with the new requirements we will begin with a gap analysis, looking at what firms have in place now and where they need to get to in order to comply with the GDPR.
The gap analysis allows us to prioritise actions and drive solutions so when the regulation bites you can be confident you and your business are ready.
Click here for more details about the range of services we can provide to assist your business in complying with the GDPR.
Working out solutions
On the back of a healthcheck, gap analysis or audit, we produce an action plan designed to work through, one by one, any weaknesses or concerns and to provide proportionate solutions which your business and your staff can implement in practice on a day-to-day basis.
Understanding the issues is an important first step but fixing the problems is what really supports your business.
So we help create practical policies and procedures which are tailored to the needs of your business and your staff.
We’ll support you with training and assist with monitoring and MI reporting for Board oversight and assurance.
To complete the cycle, we can provide an external audit as a third line of defence and independent assurance.
For more information about our services, or to discuss how we can support your business in meeting both the current DPA regulations and the new GDPR, please contact us on 020 7436 0630 or email: firstname.lastname@example.org