Data privacy

Technology is seen as a critical business enabler for driving growth, margin and efficiency, but it also presents a pervasive risk that must be understood and managed.

Please note that GDPR / CCPA / PECR and any other privacy regulations is not a one-time exercise or a checklist - it is a way to conduct your business with respect for this fundamental right.

Our services covers:

• From gap analysis through implementation with the following regulations and frameworks:
  • UK Data Protection Act and PECR
  • EU ePR and GDPR
  • Canada PIPEDA
  • US medical HIPAA, educational FERPA, California data protection CCPA
  • Israel Privacy Protection laws
  • Singapore PDPA and TRUSTMARK
  • Hong Kong PPDO
  • Australian Privacy Act
• Drafting data processing agreements and data protection clauses in T&C.
• Develop relevant framework (who does what and why) and associated policies\standards.
• Implement data protection by design and impact assessments (DPIA) processes.
• Review controls for data processing for customer, supplier and employee data.
• Conduct data and system mapping (where is personal data is, who has access, anonymisation).
• Legal basis identification (consent management, contract, legal obligations, vital interest, public task, legitimate interest).
• Develop processes and standards related to Individuals' rights (data subject rights -informed, access, rectification, erasure, restrict processing, data portability, object, decision making).
• Design and deploy data security controls (encryption, access controls, etc).
• Advise with regards to international data transfers and Brexit.
• Define and implement the breach notification process.