GDPR Compliance and Consultancy Services

The workshop covers the key points of the GDPR, your organisations obligations and the practical implications. The first half of the day is an interactive awareness session and the second consists of an open forum workshop. All sessions are facilitated by a GDPR Consultant Practitioner.

Suitable for All businesses and organisations

Period of engagement dependent on stakeholders - (1-5 = 3 days, 6-10 = 5 days, >10 = bespoke)

This engagement is about understanding your organisation and the personal data it is processing in more detail. Cybercrowd assess your businesses GDPR readiness against the ICO’s ’12 steps to take now’ guidance. This is achieved through stakeholder interviews and a review of privacy and data protection policies. You’ll be provided with a written report, with findings and recommendations in respect of each of the 12 steps. We recommend GDPR Support as a follow up to this service.

Suitable for All businesses and organisations

As part of the ongoing accountability aspect of GDPR compliance, many organisations want to train their staff on the obligations and considerations around the new regulation. This service is delivered through videos or webinars, and can be tailored to the organisation size. It can be used to train existing and new staff and includes a record of which employees have received the training.

Suitable for All businesses and organisations

Ongoing support

Customers get a detailed and defined GDPR action plan, template policies, staff awareness training videos, and telephone support.

Includes:
Data Protection Policy
Controller-Processor Agreement
Data Subject Rights Procedure
Data Breach Procedure

Suitable for
Small/micro organisations less than 10 users
Mainly B2B activity
No special category data processing
Max. five stakeholders

Ongoing support

Customers get a readiness report, with findings and recommendations. Includes annually updated staff awareness training videos, template policies, quarterly health-checks, and telephone support.

Suitable for
Organisations around 100 users
Mainly B2B activity
No special category data processing
Max. five stakeholders

Period of engagement subject to scoping

Some organisations will require additional support to remediate and implement the findings of a Readiness Assessment. This may include, but is not limited to, GDPR compliance planning, framework design, implementation programme definition, implementation of compliance frameworks and management systems. This service also includes detailed personal data mapping.

Suitable for
All businesses and organisations

The Security Posture Review is not a GDPR specific service. It provides organisations and businesses with an understanding of their current information security baseline as it applies to all information assets, not just personal data. The objective is to help them understand how to improve overall security posture and provide them with a mature baseline. The review is conducted against the NCSC’s ’10 Steps to Cyber Security’ and results in a written report with findings and recommendations.

Suitable for
All businesses and organisations

Ongoing support

This service is recommended as a follow on from the Readiness Assessment.

This service gives organisations ongoing support and a defined and detailed GDPR action plan that covers annually updated staff awareness training videos, template policies, quarterly health-checks, and telephone support.

Includes:
Data Protection Policy
Controller-Processor Agreement
Data Subject Rights Procedure
Data Breach Procedure

Suitable for
All businesses and organisations

Period of engagement subject to scoping

DPOaaS allows organisations who don’t have in-house data protection skills to outsource this compliance role to a subject matter expert. This is an ongoing strategic support role and will require an in-depth scope.

Suitable for
Public authorities; businesses and organisations that carry out ‘large scale’ processing of special category information or ‘large scale’ monitoring and profiling.