Data Protection and Privacy | Keeping your Data safe

Keeping your DATA and PRIVACY protected.




Data Protection & Privacy

The exponential rise in cyber-attacks, ransomware reports and data breaches has given organisations an increased focus on securing personal and company data.

Since 2018, the data protection posture has changed across the UK, Europe and beyond. The EU General Data Protection Regulation (“EU GDPR”), the UK’s Data Protection Act 2018 (“DPA2018”) and other international privacy laws have introduced tougher rules on how personal information must be handled and protected.

After the UK left the European Union (Brexit), the UK implemented its own similar UK GDPR in line with domestic data protection laws.

Data protection rules are clear and concise, yet they potentially carry substantial financial penalties for non-compliance and significant reputational harm.

Our data protection team also has an understanding of other international data protection laws, including the UAE’s Personal Data Protection Law.

We guide organisations through the process and improve their posture around protecting personal data and compliance, including Audit & Assessment, Virtual Data Protection Officers and Breach & Incident Response.

Audit & Assessment

Working with decision makers and key management to assist in implementing DPA and the relevant GDPR measures, we will help audit your organisation’s readiness and resiliency by testing systems, processes and infrastructure for security soundness.

Under both EU & UK GDPR, the proposed place to start your journey is to identify where your personal data is located, stored, transferred, processed and who has access to the data.

How we can help:

  • Conduct information audits across the organisation to review, identify and assess the data being held
  • Conduct specific Data Flow assessments providing Gap Analysis to identify control weakness, strengths and areas for development
  • Work with the organisation to design and implement appropriate technical and internal measures to ensure Data Protection is designed into all processes
  • Work with the organisation to design a Data Privacy Impact Analysis framework linking to pre-existing risk management and project management processes
  • Review the processing of data, identify and document the lawful basis for the processing activities, including clear and concise consent mechanisms
  • Review the data protection risks on the organisation’s Risk Register and create the critical list of control weaknesses versus actions required by legislation
  • Complete a review of, and/or develop, the framework of policies and procedures needed to ensure DPA and EU/UK GDPR compliance and provide a plan for Data Protection or Privacy by Design documentation
  • Monitor compliance with data protection policies, regularly review the effectiveness of handling/processing personal data and update security controls
  • Develop and provide a clear Road Map needed for regular review of security access and controls to ensure privacy and security of personal data resulting in a documented Data Protection Impact Assessment framework
  • Help the organisation develop a staff training and awareness program

Virtual Data Protection Officer (DPO)

Even where an organisation is not required by EU/UK GDPR legislation to appoint a Data Protection Officer (DPO), if an organisation controls or processes personal data, then they are encouraged under the regulation to appoint one.

A DPO is expected to have an expert understanding of data protection law and practices. An organisation may already have an employee in the DPO role; TenIntelligence can support that role in the UK or Europe, or provide a dedicated outsourced service with an independent and qualified person who holds no conflict of interest within your organisation.

How we can help:

  • TenIntelligence named as your UK and/or EU DPO
  • Review the DPA & GDPR risks on the business risk register and create the critical list of control weaknesses
  • Define and maintain the required Records of Processing Activities (“RoPA”) under Article 27 of GDPR
  • Provide leadership support, business focal point and training to all staff on DPA & GDPR matters
  • Ongoing virtual support using all forms of appropriate communication
  • Assist with Data Subject Access Requests (DSARs)
  • A monthly, bi-monthly or quarterly bespoke report on the current state of the organisation
  • Provide tailored alerts and current global insights
  • Provide real-time assurance through the provision of appropriate reporting mechanisms
  • Short notice or specific 24-hour breach and incident response support service as required

Breach & Incident Response

Organisations do not have to look far for recent examples of high-profile incidents that capture the media’s imagination and result in a consequential loss of customer confidence and damage to their brand.

The senior executive team should own and regularly review their incident response procedure. The procedure should enable responses to be effectively managed, including staff and third-parties or contractors.

How we can help:

  • Advise on developing procedures to effectively detect, report and investigate a personal data breach or incident. Under the DPA 2018 and GDPR, failure to report a breach could result in a fine.
  • Design and develop a Breach & Incident Response Plan.
  • As an appointed DPO, act as the incident responder working with those identified within the Breach & Incident Response Plan.
  • Support the regular testing regime of breach and incident response, including specific development of bespoke desktop and playbook exercises to test decision-making procedures.
  • Develop a communication plan for internal and external messaging to clients and staff, offering specific support for press and media handling.
  • Provide support to the appointed DPO or business lead during the critical hours of incident response.