Data Protection Act 2018 Compliance

In order to help your organisation get started in complying with the DPA 2018 legislation, our Discover service provides the following deliverables:

• DPA 2018 Compliance Gap Assessment: Risk Crew will assess your current data protection operations, policies, processes and controls against those recommended by the legislation to identify the current compliance “gap” and then generate a comprehensive report of our findings and recommendations to fill that gap.
• Compliance Activities Roadmap: Findings will include a detailed list of actions required for your organisation’s full compliance in a project plan format of your choice. The roadmap will cite specific actions required for compliance, proposed action owners, target completion dates and estimated budgets required.
• Conduct Stakeholder Workshop: Upon completion, Risk Crew will conduct a half-day workshop for key business stakeholders to ensure their understanding of the remedial actions needed for compliance and the estimated resources and timeline required.

These will result in a solid understanding of the law and what’s required from your business to comply.

Need some more help? Our Assist service offers all deliverables from our Discover service plus the following:

• Identify, Locate, and Classify Assets: Risk Crew will review your business model and interview your key business stakeholders to identify, locate and value the sensitive information assets processed, stored and transmitted by your organisation.
• Craft Data Classification Schemes: We develop clear marking schemes for secure handling, aligning with regulations like Data Protection.
• Data Flow Diagrams: Information assets will be documented citing their sensitivity level, ownership, and IT system locations. The register becomes your risk management inventory.
• Template DPA Documentation for Customisation: Risk Crew offers a DPA documentation template featuring draft policies, privacy statements, data processor agreements, privacy by design and default policies, data retention plans, security controls, breach notification procedures, and customisable forms for subject access requests and privacy impact assessments, all tailored to your organisation’s unique business processes and risk objectives.
• Mock Audit to Ensure Readiness: Once you’re prepared, Risk Crew will perform a mock audit to verify the correct implementation of recommended remedial actions. This ensures that your DPA policies and procedures yield tangible evidence, demonstrating full compliance with the law.

This service provides the framework essential for compliance and is ideal for organisations that have operational resources but specifically lack in-house data protection expertise. The outcome serves as the foundation for an effective, data protection programme and requires the implementation of remedial actions, policy customisation, control implementation and education of your users for completion of your compliance requirements.

Our Implement service offers all the deliverables from both our Discover and Assist services outlined above in addition to the following:

• Customised Data Protection Documentation for the Business: We’ll create a fit-for-purpose DPA set of documentation for the organisation to implement.
• Control recommendations: This includes recommendations on control objectives, control configuration (if required) control evidence, and control testing procedures.
• Data Protection Security Awareness Training Program: This service is accompanied by an automated vulnerability assessment scanning to identify security weaknesses associated with your business systems and websites
• Implement Information Security Awareness Training Program: Equip your team with cutting-edge data protection security awareness training from Risk Crew. We’ll sharpen their knowledge of cyber threats to your business data, and clarify their roles in policy compliance and incident reporting under the law. Choose from computer-based training or opt for in-person workshops with our data protection experts to suit your preferences and needs.
• DPA Compliance Workshop with Stakeholders to Ensure Understanding, Roles and Responsibilities: After the tasks above, Risk Crew will host a power-packed full-day workshop with your key business players. They’ll grasp the legislation’s core goals, KPIs, and their own roles, responsibilities, and ongoing compliance actions. Get ready for a deep dive into legal mastery!

This comprehensive service provides everything you need for your DPA 2018 compliance short of implementing the policies and the procurement of any controls needed and is designed for organisations looking for a cost-effective, turn-key solution.

If your organisation is already compliant with DPA 2018, you’re aware that maintaining compliance can be just as challenging as achieving it.

Risk Crew can help you meet this challenge with a variety of support services from delivering on-going requirements such as privacy impact assessments and data processor audits to providing continuous ad-hoc advice and assistance to answer questions, clarify requirements and ensure you stay the course of compliance.