GDPR and Data Protection Officer (DPO) services

CompliCIS offers three Personal Data Protection services:

  • Review of your Data Protection policies, procedures, notices, records, etc., to ensure that they conform to UK GDPR 2021 legislation and the latest advice from the Information Commissioner’s Office (ICO).

 

  • Virtual Data Protection Officer (DPO) services. These services include:
    • ongoing advice on your compliance with UK GDPR 2021, the Data Protection Act 2018, and any variations that arise as we move forward.
    • support if you suspect you have had a notifiable Data Breach.
    • guidance on handling Subject Access Requests from members of the public, customers, employees, etc., both in advance and in the event of receiving such a request.
    • advice on when you would be required to complete a Data Protection Impact Assessment (DPIA), and support to complete it.
    • awareness/training services.

 

  • IASME Governance certification – includes an assessment, and then certification, of your GDPR compliance.

Experienced DPO services

CompliCIS provides virtual Data Protection Officer and/or GDPR consultancy services to clients in a number of sectors, including Software Development, Financial Services, Printing, Consulting, SaaS, Warehousing, etc.


Registered with the ICO

Many businesses are required to register with the ICO because of the nature of what they do. 

If this is your business, you might want to consider also appointing a Data Protection Officer (DPO).
If data is your business, you need to know what the requirements of GDPR and the Data Protection Act are (and any other legislation that may come following the end of the transition period). If you are large enough to have an in-house counsel, this is an ideal role for them. If not, then a DPO can guide you through the legislation and how to implement systems to keep you on the right side of the requirements.
Among many other things, a Data Protection Officer can guide you through:

  • Ensuring supplier contracts have the required level of data protection to effectively manage your customers’ personal data.
  • Identifying when you are a Joint Controller with another organisation, and the additional protections required if you are.
  • Changes that may arise as UK and EU legislation diverge from each other.
  • What you will have to do to legally process EU citizens’ data once the six-month data adequacy bridge ends at the end of June 2021.
  • Managing Data Protection in the EU.

Where you could benefit from our support

  • Having someone to guide you through any interactions required with the ICO, e.g. when:
    • you have a notifiable breach of personal data
    • the ICO has received a complaint about you and wishes to investigate you.
  • Guidance on any considerations when you make changes to systems or services that involve personal data – e.g. whether or not a Data Protection Impact Assessment is required.
  • Support on handling Subject Access Requests.
  • If you are required to appoint a DPO, an experienced person to fill the role competently, available whenever you need them.

What next?

Check whether you need to register with the ICO and pay them a fee.

  • There is an easy (anonymous) online self-assessment on the ICO’s website that will tell you if you do or do not need to register. It can be found at this link:
  • There are three levels of fee, depending on the size of your business. As at 1st November 2020, the fees are:
    • Tier 1 – Micro: up to £632k turnover or 10 employees: £40.
    • Tier 2 – Small/Medium: up to £36m turnover or 250 employees: £60.
    • Tier 3 – Large: over £36m turnover or 250 employees: £2,900.
  • There are some exemptions and variations, for public authorities and charities for example.
  • There is an online assessment tool to help you calculate your fee: 

The ICO has a number of other data protection assurance checklists, which you may find useful. They include what you need to do if you are:

Check whether you are required to have a DPO
  • It can be found at the following link:
  • If you are unsure of what your answer should be to any of the questions, call CompliCIS for clarification on 01458 839300.
  • If you do not require a DPO, consider the benefits of getting one anyway.

Get in touch

Send us a message using the contact form

or call us on

01458 839300

for a free quotation.