HomeServices
We know that despite all the good intentions and benefits, Data Privacy is difficult to manage with in-house resources. That’s why contracting with an external agency is often the easiest, the most cost-effective way to meet your obligations.
By dealing with qualified professionals who live and breathe GDPR every day of the week, you can be sure you are getting impartial, accurate and up-to-date advice and direction.
Starting with a one-off ‘health check’ with you and your team, we would spend the day on site to discuss and discover your current situation (£500) (1). The report from this identifies any issues, and the most cost-effective option for you – including potentially the other packages we offer.
Then, from £149 per month (2) our qualified consultants are available to nominated individuals in your organisation during the working day to answer queries and issues. It may be a complex Subject Access Request (SAR) has been submitted, or you have a suspected data breach to deal with. We can advise the best way to handle things. We can also review your paperwork (remotely or with a visit) to ensure that your processes and procedures are in line with your policies, and in turn with the legal and regulatory framework.
Best Fit: A medium sized organisation requiring advice on a regular basis.
(1) Not necessary if JEM have already conducted a detailed gap analysis with you.
(2) Minimum term is one year. Price depends on size of organisation and the maximum dedicated time guaranteed to you. VAT is applicable.
Time banking with JEM couldn’t be simpler: Choose a block of time: 1, 4, 12 or more hours – valid for 12 months, and pay a one-off charge. When you have a query, contact us by email or phone, and we will respond within 1 working day although responses are likely to be faster wherever possible (1) .
We do not insist on a health-check prior to starting this level of service, but clearly the better prepared you are, the more effective the use of your banked time.
And if a particular incident (for example handling a breach that requires ongoing communication with the regulator) means we exceed your remaining time-bank, JEM will continue to work with you until the issue is resolved[2].
Best Fit: A small organisation with irregular or ad hoc need for specialist support. When needed, it is likely to be at short notice and urgent, with managed and manageable costs.
[1] 9am – 5:30pm, Mon- Fri exc. Bank Holidays. Any delays beyond this will be responded to as quickly as possible but will result in no deductions from your time-bank. Support will be either by phone or email. Meetings generally will be by conference call or Skype. Banked time is billed in 15-minute increments. We will keep you updated on the state of your account and advise if you are running close to your limit.
[2] JEM may choose to bill at a rate to be agreed, but no more than £75 per hour, until a new pre-pay contract is agreed.
Have your auditors suggested there is work to be done on your privacy? Are you concerned that your documentation might not deliver under pressure? Have you received a Subject Access Request (SAR), and struggled to know where to look for the relevant data, let alone be sure you’ve got it all?
It might be time to ask: Are the right people doing the right things at the right time for the right reasons?
No matter what your need, JEM are happy to deliver, be it a 1 day review or a 6 month engagement.
To date our clients have used this service primarily to understand what is required of them to move towards compliance (a gap analysis resulting in a Board report and project actions), but there are many other use cases. As qualified DPOs, GDPR Practitioners and Project Managers, all our consultants are well versed in what ought to be happening and how to make it so.
We will work with you to discover what areas you’d like covered, and suggest the most effective ways of achieving your goals. We can run ‘mystery shopper’ tests, or process walk-throughs, training courses, process mapping, and adapt to whatever suits the style of your organisation.
Best Fit:
Start up, Small or Micro business, who are looking to understand their current position and to create an action plan.
For all sized companies, support for annual or one-off events such as DPIAs, audit preparation, post-event discovery and reporting, M&A due diligence.
Also works well for events that repeat, but are of varying frequency: training, quality reviews, mystery shopper, integrating legislative updates etc.
As well as providing Data Privacy Services we also offer an Outsourced DPO model This is a bespoke service, designed to meet the needs of those organisations who are deemed by the regulators to require that little bit extra – typically this includes Public Bodies and those dealing with Sensitive or Personal data as a core part of their business.
You can choose as much or as little as is required, although we will advise on any conflicts-of-interest and stress points identified if certain responsibilites are kept ‘in-house’, plus options to reduce those conflicts.
Outsourcing the DPO function is a good way to ensure the independence of the role, and is specifically supported within the legislation for this purpose.
Best Fit: Where appointment of a DPO is mandatory (such as the Health sector), but the skills or dedicated resource are not available in-house
To ensure compliance with the GDPR and the 2018 DPA you are required to have someone managing those privacy and protection processes. In many cases, they don’t need to be a fully qualified DPO, but this person must have:
It is especially hard to maintain specialist up to date knowledge when, after the systems are set up, this is a part time job in all but the largest organisations. Equally, few micro, small, and medium size businesses are able to carry what is effectively a multi-disciplined auditor, who has to know the systems, but cannot be involved in the systems.
This is where JEM can provide you peace of mind and value for money.
If you undertake any large amount of data processing or you are a public body then the regulations say that you must have one. It is different to a Data Manager (or any other ‘local’ name – you might refer to them as a Data Guardian for example) in that a DPO is a defined role, with specific instructions, capabilities and protections that make it difficult for you to appoint while they are doing another job inside an organisation.
Your DPO must be fully independent of the “purposes and means” of processing data. Who in your organisation do you have standing aside from using data, yet who also has the expertise to undertake the role?
Even if you can find this person, employing them full-time to undertake the role may not be cost -effective.
Our outsourced flexible service delivered by experts takes the weight of your data security and data privacy concerns. This leaves you free to concentrate upon your core business.
Key Benefits:
If you are required by law to appoint a DPO, then JEM are here to help.
Many organisations suffer from inefficient ways of managing their data. We can help shape your data processes and systems to save time and money. Additionally, many businesses do not realise the vulnerabilities of their IT systems to penetration. Working with our partners, we can help you resist attacks that could harm your business and its reputation.
Our team of qualified DPOs can be on-site to:
Then at the end of a phone or e-mail to:
[1] Although not a core offering, JEM staff are also qualified Project Managers and can work with you to bring about the necessary changes.
[2] JEM can undertake the complete DPIA process, but advise that we consider it is better run in-house by the PM and system experts with direct knowledge of the business requirements. JEM can guide and support
Our data flow mapping is an overview of your business based on one particular day, but you will need to maintain compliance forever. We can provide regular audits and progress reviews as required – adoption of and adherence to, your policies and procedures (for example: retention, consent, access requests), data quality checks, staff knowledge etc.
[1] Assist with information collection to identify personal data processing activities; verify GDPR compliance of the processing activities; provide advice and guidance on compliance best practice.
Review any privacy notice you currently have; advise best practice and draft a new one for you if necessary.
A wide range of subjects and skills training is available, including briefing your staff on how to manage their data responsibilities when handling Personal Data, and what to do if a data breach occurs. We can build and run courses specific to your environment, with overviews in a lunchtime, or full day classroom sessions. Call for more details.