Data Protection as a Service

This is essentially a discovery exercise that helps determine the current compliance position of an organisation, documenting any gaps against regulatory expectations and inherent risks that may be apparent. This can be conducted on or off-site and is one of our most popular products.

Part of the challenge is understanding your risk exposure, whereby you can then start to plan a compliance roadmap.

Data Retention is without a doubt one of the biggest challenges faced by businesses worldwide. With technical debt on the rise, organisations are finding they do not have the technical capability to delete or anonymise personal data from their systems. Let’s not forget physical paper storage too!

We can help you better understand your data holdings and work with you to build a data cleansing strategy, even if this means liaising with the ICO on your behalf.

Regardless of your current position, we can help you reduce your risk and enable you to better defend your position with a detailed plan on how you propose to become compliant with your data retention schedules and other regulatory timescales that might determine how long you retain information.

Data Protection by Design and Default is not new to the Data Protection Act. However, given the challenges faced by businesses in terms of the outdated and limited functionality of their systems, it is clear there has been little aforethought in regard to data protection requirements.

Let us help you better understand your system gaps by building a systems inventory. We’ll also cover off how to embed Privacy by Design into your organisation by advising on how this fits into your change management lifecycle through the completion of Data Protection Impact Assessments.

There are now 8 rights a data subject can require under the GDPR. Whilst this isn’t a new concept, there are new additions including the Right to Erasure and the Right to Portability.

‘’How do we ensure our staff recognise a request?’’, “How long do we have to comply?’’, ‘’What’s in scope?’’ and ‘’Are there any exemptions?” are just a few questions we can help you find the answer to. GDPR is also about empowering the data subject so this is one of the most important aspects of the Regulation to get right.

Accountability is a key principle of the GDPR. It’s about being able to effectively demonstrate that you understand your data by recording your processing activities.

Whether it’s determining the lawful basis upon which you are relying to process personal data or defining the purpose, we can help you bring together a comprehensive ROPA and help implement good governance practices to help keep it accurate and up to date.

In some instances, organisations now have an obligation to report a data breach within 72 hours of becoming aware of it. A timely response can help manage risk to data subjects and your organisation.

So, if you want to know how to recognise, report and respond to a data incident, we can help. We can also advise on how to identify the root cause of a data breach and help implement controls or changes to processes to mitigate the risk of a repeat incident.

Embedding a privacy-first culture into your organisation is key to demonstrating a good understanding of Data Protection by Design and Default.

Regardless of whether this is carrying out a Data Protection Impact Assessment on a change to the way you process data or you are thinking of setting up a ‘Data Steward’ network within your business, we can help.

Arguably the most effective activity a business can undertake is ensuring its staff are aware and suitably trained on what aspects of the GDPR affect their day-to-day job roles.

Here at Trust Hogen, we can provide bespoke eLearning packages on subjects such as GDPR Basics, cyber security and how to identify Phishing and Smishing attacks. If it’s a face-to-face input you’d like, we can do that too!

​​Often the first thing a data subject needs to be aware of is the intention an organisation has for their personal data.

Sometimes known as a Fair Processing or Privacy Notice, it is a document that informs a data subject of what data is being collected, how it is being processed and why, who it is being shared with, the lawful basis being relied upon for the processing and how long an organisation might retain that data for.

In addition, this document should explain the rights a data subject has in terms of their personal information and how they might be able to make a complaint. It is important that this notice reflects how data is actually being processed and not your intentions for the future.

We can help augment a robust privacy policy and also advise on where, when and how you should make this information available.

Quite often, organisations can become so focused on ensuring compliance with customer data, that they forget their most important asset – our staff!

Whilst you must ensure your customer base is suitably safeguarded and empowered, you must also replicate good data protection practices for employees too. This will include recording HR business processes, managing data breaches and informing your people about what information you hold about them and why.

At Trust Hogen, we have become HR Data experts and have worked in organisations that employ over 85,000 colleagues globally, down to a small medium enterprise with 3 employees. To that end, you’re in safe hands.

With obligations to meet under GDPR and PECR, marketing has become somewhat of a minefield in recent years.

Here at Trust Hogen, we have established partnerships with some of the top marketing associations in the UK and are able to access reliable legal advice and current best practices through our extensive networking of marketing experts.

Whether it’s registering with the ICO, dealing with enforcement notices or liaising with the UK’s regulator following a Data Breach, we can help.

With extensive experience in managing an effective relationship with the ICO, we’ll help you overcome your challenge and find a resolution to your data protection issues.

Prior to complaining to the Regulator, data subjects are urged to try and find a resolution with an organisation directly.

This is an early opportunity to find out exactly where it went wrong and try to provide a data subject with an explanation. So whether it’s a one-off complaint or a series of issues relating to the same event, we can help.