Data Protection & Privacy

Keeping your DATA and PRIVACY protected.

The sharp rise in cyber-attacks, ransomware and reported data breaches has sharpened organisations’ focus on securing personal and company data.

Since 2018 the data protection landscape has changed across the UK, Europe and beyond. The EU General Data Protection Regulation (“EU GDPR”), the UK’s Data Protection Act 2018 (“DPA 2018”) and other international privacy laws have introduced tougher rules on how personal information must be handled and protected.

After the UK left the European Union (Brexit), the EU GDPR was retained in domestic law as the UK GDPR, which sits alongside the DPA 2018.

The rules themselves are clear and concise, but non-compliance can carry substantial financial penalties (up to £17.5 million or 4% of global annual turnover under the UK GDPR, whichever is higher) and significant reputational harm.

Our data protection team also has an understanding of other international data protection laws, including the UAE’s Personal Data Protection Law.

We guide organisations through this process and improve their posture on protecting personal data and demonstrating compliance, through our Audit & Assessment, Virtual Data Protection Officer and Breach & Incident Response services.

Audit & Assessment

Working with decision makers and key management to implement the DPA 2018 and the relevant EU/UK GDPR measures, we audit your organisation’s readiness and resilience by testing systems, processes and infrastructure for security soundness.

Under both EU and UK GDPR, the recommended starting point is to map your personal data: where it is collected, stored, transferred and processed, and who has access to it.

How we can help

  • Conduct information audits across the organisation to review, identify and assess the personal data being held
  • Conduct specific data flow assessments, with a gap analysis identifying control weaknesses, strengths and areas for development
  • Work with the organisation to design and implement appropriate technical and organisational measures, so that data protection is designed into all processes
  • Draft and implement International Data Transfer Agreements and respond to other legislative changes
  • Work with the organisation to design a Data Protection Impact Assessment (DPIA) framework that links to pre-existing risk management and project management processes
  • Review the processing of data, identify and document the lawful basis for each processing activity, including clear and concise consent mechanisms
  • Review the data protection risks on the organisation’s risk register and create a critical list of control weaknesses against the actions required by legislation
  • Review and/or develop the framework of policies and procedures needed for DPA 2018 and EU/UK GDPR compliance, and provide a plan for Data Protection or Privacy by Design documentation
  • Monitor compliance with data protection policies, regularly review the effectiveness of personal data handling and processing, and update security controls accordingly
  • Develop and provide a clear road map for regular review of security access and controls, protecting the privacy and security of personal data, resulting in a documented Data Protection Impact Assessment framework
  • Help the organisation develop a staff training and awareness programme

Virtual Data Protection Officer (DPO)

Under EU/UK GDPR an organisation must appoint a Data Protection Officer (DPO) if it is a public authority, or if its core activities involve large-scale regular and systematic monitoring of individuals or large-scale processing of special category or criminal conviction data. Even where an organisation is not required to appoint a DPO, any organisation that controls or processes personal data is encouraged to appoint one.

A DPO is expected to have expert knowledge of data protection law and practice. If your organisation already has an employee in the DPO role, TenIntelligence can support that role in the UK or Europe; alternatively, we provide a dedicated outsourced service, supplying an independent and qualified person who holds no conflict of interest within your organisation.

How we can help:

  • TenIntelligence named as your UK and/or EU DPO
  • Review the DPA & GDPR risks on the business risk register and create the critical list of control weaknesses
  • Define and maintain the required Records of Processing Activities (“RoPA”) under Article 30 of GDPR
  • Provide leadership support, a business focal point and training to all staff on DPA & GDPR matters
  • Ongoing virtual support using all forms of appropriate communication
  • Assist with Data Subject Access Requests (DSARs)
  • A monthly, bi-monthly or quarterly bespoke report on the current state of the organisation
  • Provide tailored alerts and current global insights
  • Provide real-time assurance through appropriate reporting mechanisms
  • Short notice or specific 24-hour breach and incident response support service as required

Breach & Incident Response

Organisations do not have to look far for recent examples of high-profile incidents that capture the media’s attention and result in a loss of customer confidence and damage to the brand.

The senior executive team should own and regularly review the incident response procedure. The procedure should enable responses to be managed effectively, including the roles of staff, third parties and contractors.

How we can help:

  • Advise on developing procedures to effectively detect, report and investigate a personal data breach or incident. Under the DPA 2018 and UK GDPR, a personal data breach that is likely to result in a risk to individuals must be reported to the ICO without undue delay and, where feasible, within 72 hours of the organisation becoming aware of it; failure to report could result in a fine.
  • Design and develop a Breach & Incident Response Plan.
  • As your appointed DPO, act as the incident responder, working with those identified in the Breach & Incident Response Plan.
  • Support a regular testing regime for breach and incident response, including the development of bespoke tabletop and playbook exercises to test decision-making procedures.
  • Develop a communication plan for internal and external messaging to clients and staff, offering specific support for press and media handling.
  • Provide support to the appointed DPO or business lead during the critical hours of an incident response.

Virtual Chief Information Security Officer (CISO)

Working alongside the client’s technical, IT, risk and compliance leaders, TenIntelligence acts as your CISO, an extension of in-house resources.

Our cyber security team helps assess an organisation’s cyber risks, then designs and implements a cyber security strategy and culture through the policies, procedures and controls needed to strengthen defences and achieve compliance standards.

How we can help:

  • TenIntelligence named as your independent Chief Information Security Officer (CISO)
  • Participate as an independent member of your information risk supervisory board
  • Review the risks identified during the Cyber Essentials certification phase, update the risk register accordingly and create a critical list of control weaknesses
  • Assess your cloud, server and network access controls and privileged user accounts
  • Apply multi-factor authentication across your internal and/or external network
  • Analyse device controls (mobile, laptop, hardware) and remote working threats, and their appropriate security provisions
  • Review the information security provisions and vulnerabilities of external cloud platforms, applications and suppliers
  • Track threat intelligence, next-generation antivirus and malware trends
  • Implement and support an ISO 27001 certified Information Security Management System
  • Design and coordinate a business continuity and disaster recovery plan for use during a cyber crisis
  • Design and build regular security audits into normal working practices

Find out how we can help you

We understand that due diligence, corporate investigations and protection services can be sensitive and complex matters, and we take steps to ensure that all of our clients’ information is kept strictly confidential.

By filling in your brief details, you can take the first step towards getting the answers you need.

We will respond to your enquiry as soon as possible and look forward to working with you.