We tailor a solution to your data, your systems and your business.

We know that despite all the good intentions and benefits, Data Privacy is difficult to manage with in-house resources. That’s why contracting with an external agency is often the easiest, the most cost-effective way to meet your obligations.

By dealing with qualified professionals who live and breathe GDPR every day of the week, you can be sure you are getting impartial, accurate and up-to-date advice and direction.

We offer a choice of engagement methods that will fit with your preferred options for working with service providers:

Support Desk Services

Starting with a one-off ‘health check’ with you and your team, we would spend the day on site to discuss and discover your current situation (£500) (1). The report from this identifies any issues, and the most cost-effective option for you – including potentially the other packages we offer.

Then, from £149 per month (2)  our qualified consultants are available to nominated individuals in your organisation during the working day to answer queries and issues. It may be a complex Subject Access Request (SAR) has been submitted, or you have a suspected data breach to deal with. We can advise the best way to handle things.  We can also review your paperwork (remotely or with a visit) to ensure that your processes and procedures are in line with your policies, and in turn with the legal and regulatory framework.

Best Fit:  A medium sized organisation requiring advice on a regular basis.  

(1) Not necessary if JEM have already conducted a detailed gap analysis with you.

(2) Minimum term is one year. Price depends on size of organisation and the maximum dedicated time guaranteed to you. VAT is applicable.

Time Banking

Time banking with JEM couldn’t be simpler:   Choose a block of time: 1, 4, 12 or more hours – valid for 12 months, and pay a one-off charge.  When you have a query, contact us by email or phone, and we will respond within 1 working day although responses are likely to be faster wherever possible (1) .

We do not insist on a health-check prior to starting this level of service, but clearly the better prepared you are, the more effective the use of your banked time.

And if a particular incident (for example handling a breach that requires ongoing communication with the regulator) means we exceed your remaining time-bank, JEM will continue to work with you until the issue is resolved[2].

Costs:

  • 1hour      £75
  • 4 hours £225
  • 12 hours £600
  • > 12 hr – POA            All charges subject to VAT.

 

Best Fit:  A small organisation with irregular or ad hoc need for specialist support. When needed, it is likely to be at short notice and urgent, with managed and manageable costs.  

[1] 9am – 5:30pm, Mon- Fri exc. Bank Holidays.  Any delays beyond this will be responded to as quickly as possible but will result in no deductions from your time-bank.      Support will be either by phone or email.  Meetings generally will be by conference call or Skype.    Banked time is billed in 15-minute increments. We will keep you updated on the state of your account and advise if you are running close to your limit.

[2] JEM may choose to bill at a rate to be agreed, but no more than £75 per hour, until a new pre-pay contract is agreed.

Project Services

Have your auditors suggested there is work to be done on your privacy?  Are you concerned that your documentation might not deliver under pressure?  Have you received a Subject Access Request (SAR), and struggled to know where to look for the relevant data, let alone be sure you’ve got it all?

It might be time to ask: Are the right people doing the right things at the right time for the right reasons?

No matter what your need, JEM are happy to deliver, be it a 1 day review or a 6 month engagement.

To date our clients have used this service primarily to understand what is required of them to move towards compliance (a gap analysis resulting in a Board report and project actions), but there are many other use cases.  As qualified DPOs, GDPR Practitioners and Project Managers, all our consultants are well versed in what ought to be happening and how to make it so.

We will work with you to discover what areas you’d like covered, and suggest the most effective ways of achieving your goals. We can run ‘mystery shopper’ tests, or process walk-throughs, training courses, process mapping, and adapt to whatever suits the style of your organisation.

Best Fit:  

Start up, Small or Micro business,  who are looking to understand their current position and to create an action plan.

For all sized companies, support for annual or one-off events such as DPIAs, audit preparation, post-event discovery and reporting, M&A due diligence.

Also works well for events that repeat, but are of varying frequency:  training,  quality reviews, mystery shopper,  integrating legislative updates etc.

Outsourcing the Data Protection Officer Role

As well as providing Data Privacy Services we also offer an Outsourced DPO model This is a bespoke service, designed to meet the needs of those organisations who are deemed by the regulators to require that little bit extra – typically this includes Public Bodies and those dealing with Sensitive or Personal data as a core part of their business.

You can choose as much or as little as is required, although we will advise on any conflicts-of-interest and stress points identified if certain responsibilites are kept ‘in-house’, plus options to reduce those conflicts.

Outsourcing the DPO function is a good way to ensure the independence of the role, and is specifically supported within the legislation for this purpose.

Best Fit: Where appointment of a DPO is mandatory (such as the Health sector), but the skills or dedicated resource are not available in-house

As an aside: Why should you outsource your… ?

To ensure compliance with the GDPR and the 2018 DPA you are required to have someone managing those privacy and protection processes. In many cases, they don’t need to be a fully qualified DPO, but this person must have:

  • Good knowledge of the provisions enshrined in the Acts – both Obligations and Rights.
  • Ongoing, up-to-date knowledge of amendments, rulings, legal interpretations and other regulations that impact (e.g. PECR, Geo-Blocking et al) and be able to understand the implications.
  • The ability to conduct reviews in all business lines in an organisation, following the data flows across organisational boundaries.
  • Immunity from ‘office politics’.
  • A good understanding of the processes and procedures by which you process personal data – both internally and externally.
  • A disinterest in the operation of these business processes, with no personal gain determined by recommendations or observations.
  • Be able to ensure the training of, and information dissemination to, all staff engaged in dealing with personal data.
  • A good understanding of current cyber security ‘best practice’.
  • Access to the top level of management in your organisation but without bias, fear or favour.

It is especially hard to maintain specialist up to date knowledge when, after the systems are set up, this is a part time job in all but the largest organisations.   Equally, few micro, small, and medium size businesses are able to carry what is effectively a multi-disciplined auditor, who has to know the systems, but cannot be involved in the systems.

This is where JEM can provide you peace of mind and value for money.

If you undertake any large amount of data processing or you are a public body then the regulations say that you must have one. It is different to a Data Manager (or any other ‘local’ name – you might refer to them as a Data Guardian for example) in that a DPO is a defined role, with specific instructions, capabilities and protections that make it difficult for you to appoint while they are doing another job inside an organisation.

Your DPO must be fully independent of the “purposes and means” of processing data. Who in your organisation do you have standing aside from using data, yet who also has the expertise to undertake the role?

Even if you can find this person, employing them full-time to undertake the role may not be cost -effective.

Our outsourced flexible service delivered by experts takes the weight of your data security and data privacy concerns. This leaves you free to concentrate upon your core business.

Key Benefits:

  • Access to hands-on advice and guidance to ensure that the GDPR/2018 Data Protection Act does not trip up your business
  • Breach Support. Access to help in reporting and liaising with the ICO and in recovering from a breach
  • Helping you to manage your data assets compiling and maintaining your data processing register
  • Yearly reviews and audits to ensure your systems enable your organisation to meet its GDPR obligations.
  • Expert training to maintain staff awareness and help your managers understand their obligations.

If you are required by law to appoint a DPO, then JEM are here to help.

When you choose JEM, what do you actually get for your money?

Data Optimisation and Data Security Consultancy

Many organisations suffer from inefficient ways of managing their data. We can help shape your data processes and systems to save time and money. Additionally, many businesses do not realise the vulnerabilities of their IT systems to penetration. Working with our partners, we can help you resist attacks that could harm your business and its reputation.

Support that enables you to make good on delivering the Rights and Obligations of Data Privacy

Our team of qualified DPOs can be on-site to:

  • Provide the initial Gap Analysis and Reporting – what do you currently do, what ought you be doing[1]?
  • Work with you to map your processes that involve Personal Data
  • Run the walk-throughs and drills on your existing processes – do they do what you think they do?
  • Provide guidance on data breach monitoring, management and reporting
  • Provide on-going training to staff and the Board on their responsibilities for data privacy, tailored to how your organisation specifically is managing things.
  • Management of DPIAs (Data Privacy Impact Assessments)[2]

Then at the end of a phone or e-mail to:

  • Provide advice and guidance on responses to privacy rights requests from individuals (information, access, rectification, objection, erasure, right to data portability)
  • Advise on contacting data protection authorities for all data protection issues

[1] Although not a core offering, JEM staff are also qualified Project Managers and can work with you to bring about the necessary changes.

[2] JEM can undertake the complete DPIA process, but advise that we consider it is better run in-house by the PM and system experts with direct knowledge of the business requirements. JEM can guide and support

Ongoing Compliance Reviews

Our data flow mapping is an overview of your business based on one particular day, but you will need to maintain compliance forever. We can provide regular audits and progress reviews as required – adoption of and adherence to, your policies and procedures (for example: retention, consent, access requests), data quality checks, staff knowledge etc.

  • Review and advise on policies and documentation relating to the processing of personal data
  • Working alongside you / your staff to ensure your processes are both in-line with the legal requirements, and with your policies.
  • Advise on the establishment and maintenance of the Written Record of Processing[1]
  • Advise on monitoring compliance with the GDPR
  • Act as a ‘mystery shopper’ – what actually happens when a SAR is submitted (by us) to your teams?

[1] Assist with information collection to identify personal data processing activities; verify GDPR compliance of the processing activities; provide advice and guidance on compliance best practice.

Privacy Notice Review

Review any privacy notice you currently have; advise best practice and draft a new one for you if necessary.

Staff Briefing and Training

A wide range of subjects and skills training is available, including briefing your staff on how to manage their data responsibilities when handling Personal Data, and what to do if a data breach occurs. We can build and run courses specific to your environment, with overviews in a lunchtime,  or full day classroom sessions.  Call for more details.

How Can we Help?

Interested in learning more?

Check out our LinkedIn pages, pick up the phone, e-mail or tweet us to start your journey to compliance