The Data Protection Act 1998 gives data subjects (individuals who are the subject of personal data) certain rights. It also requires data controllers (the legal entity processing the information) to be open about how the information is used and to follow the eight principles of ‘good information handling’. Organisations that process personal information in the course of their business have a statutory responsibility to comply with the Act.
Our Information Systems Assurance specialists have a thorough understanding of the Data Protection Act and the regulatory requirements. Our experience across a vast number of organisations and industries, and knowledge of IT risks and controls, means that we are well placed to provide advice and assistance to ensure compliance with the Act. We provide a range of services to assist organisations in their compliance process through the following services:
- Compliance assessments and consultancy reviews to identify and advise on omissions in process and procedures
- Data Audit advice and assistance completing and submitting the statutory notification
- Audit reviews to provide a level of assurance over the compliance framework
- Ad-hoc guidance and advice on sector specific queries
- Annual subscription service to provide comfort that guidance and advice is available when required
- Data Protection Act training, tailored to your specific needs
- Data Protection Act policy drafting
- Advice on Data Processor arrangements, including reviews and assessments of third party service providers
Why would you need it?
- Your organisation processes personal information and you need to ensure you are compliant with the Act
- Your organisation needs advice and assistance in implementing the necessary procedures to be compliant with the Act
- Your organisation needs an independent review of your compliance processes to provide assurance to the Board or Audit Committee