GDPR Compliance and Consultancy Services

We provide a range of services from business level assessments, implementation, cyber security and consultancy for organisations of all sizes.

Introductory

The first step is to assess how your organisation currently stores, secures, manages and accesses personal data. These introductory services help identify the right people across your organisation and review your current position to create an action plan.

The workshop covers the key points of the GDPR, your organisations obligations and the practical implications. The first half of the day is an interactive awareness session and the second consists of an open forum workshop. All sessions are facilitated by a GDPR Consultant Practitioner.

Suitable for All businesses and organisations

Period of engagement dependent on stakeholders - (1-5 = 3 days, 6-10 = 5 days, >10 = bespoke)

This engagement is about understanding your organisation and the personal data it is processing in more detail. Cybercrowd assess your businesses GDPR readiness against the ICO’s ’12 steps to take now’ guidance. This is achieved through stakeholder interviews and a review of privacy and data protection policies. You’ll be provided with a written report, with findings and recommendations in respect of each of the 12 steps. We recommend GDPR Support as a follow up to this service.

Suitable for All businesses and organisations

As part of the ongoing accountability aspect of GDPR compliance, many organisations want to train their staff on the obligations and considerations around the new regulation. This service is delivered through videos or webinars, and can be tailored to the organisation size. It can be used to train existing and new staff and includes a record of which employees have received the training.

Suitable for All businesses and organisations

Ongoing support

Customers get a detailed and defined GDPR action plan, template policies, staff awareness training videos, and telephone support.

Includes:
Data Protection Policy
Controller-Processor Agreement
Data Subject Rights Procedure
Data Breach Procedure

Suitable for
Small/micro organisations less than 10 users
Mainly B2B activity
No special category data processing
Max. five stakeholders

Ongoing support

Customers get a readiness report, with findings and recommendations. Includes annually updated staff awareness training videos, template policies, quarterly health-checks, and telephone support.

Suitable for
Organisations around 100 users
Mainly B2B activity
No special category data processing
Max. five stakeholders

Intermediate

Once you understand your organisations compliancy position, our intermediary services help put plans in place to improve your overall compliance position and implement appropriate security measures.

Period of engagement subject to scoping

Some organisations will require additional support to remediate and implement the findings of a Readiness Assessment. This may include, but is not limited to, GDPR compliance planning, framework design, implementation programme definition, implementation of compliance frameworks and management systems. This service also includes detailed personal data mapping.

Suitable for
All businesses and organisations

The Security Posture Review is not a GDPR specific service. It provides organisations and businesses with an understanding of their current information security baseline as it applies to all information assets, not just personal data. The objective is to help them understand how to improve overall security posture and provide them with a mature baseline. The review is conducted against the NCSC’s ’10 Steps to Cyber Security’ and results in a written report with findings and recommendations.

Suitable for
All businesses and organisations

Ongoing support

This service is recommended as a follow on from the Readiness Assessment.

This service gives organisations ongoing support and a defined and detailed GDPR action plan that covers annually updated staff awareness training videos, template policies, quarterly health-checks, and telephone support.

Includes:
Data Protection Policy
Controller-Processor Agreement
Data Subject Rights Procedure
Data Breach Procedure

Suitable for
All businesses and organisations

Bespoke

We support your organisations unique and ongoing needs with our bespoke services tailored to support your GDPR compliance journey.

Period of engagement subject to scoping

DPOaaS allows organisations who don’t have in-house data protection skills to outsource this compliance role to a subject matter expert. This is an ongoing strategic support role and will require an in-depth scope.

Suitable for
Public authorities; businesses and organisations that carry out ‘large scale’ processing of special category information or ‘large scale’ monitoring and profiling.

Get in touch

Get in touch if you would like to learn more about GDPR, and how your organisation can benefit from business level advice or technical solutions. The personal information provided will be used to contact you about Softcat’s GDPR services.

By submitting this form, you consent to be contacted about products and services from members of Softcat. Softcat is committed to safeguarding your privacy. If you want more information on how we collect and use your personal data, please read our privacy policy page.