Implementation of the General Data Protection Regulation (GDPR) has significantly changed the dynamic for the protection of personal data and the privacy of information, introducing a new concept of ‘accountability’.
Beyond data protection, increasing use of technology and recognition of the threats to network and information security have elevated the importance of business resilience and the relationship between breaches of information security and reputational damage.
The regulatory role of a Data Protection Officer inherently conflicts with the fiduciary duties of a director or company officer. Our externally provided service allows the DPO to maintain true independence and autonomy, with the professional qualities and expert knowledge to help clients meet their regulatory obligations.
Data privacy impact assessments are important tools for accountability, helping clients meet accountability obligations and demonstrate appropriate measures. We support clients through the process with established tools and materials.
Commonly labelled ‘cyber-security’, this work includes advising government bodies, financial institutions and companies on breach management, mitigation and regulatory notifications, and supporting the establishment of Information Security and Identity and Access Management solutions, including the establishment of Public Key Infrastructure and advising on and drafting Certificate Policies.
Using a defined approach, we help clients identify and understand the nature of the information assets held and build a true risk profile.
Having developed the risk profile, we advise on risk management, including the appropriateness of insurance, security management and changing employee awareness and understanding of the risks.