Governance and Compliance
At STABE our GDPR experts can provide your organisation with ad hoc or regular assistance to help you stay compliant. Our easy to follow advice will help you establish new processes so that you can then maintain compliance.
All the services we offer below can be provided as one-off support or as part of a larger implementation project within your organisation. We are here to help whatever your needs are.
To provide these services we have developed templates which meet the requirements of external assessments, such as the NHS’ Data Security and Protection Toolkit (DSPT). We can include a selection of these templates for your on-going use depending which package you choose from us. If you have existing documentation in place, then we will work with that for no additional charge.
Data Sharing Agreements and Data Processing Agreements
If you need a data sharing agreement between two data controllers then we can advise you on the legal requirements of such an agreement or advise you on the proposed agreements you receive from third parties to determine its effectiveness as well as your risk and liability.
If you outsource or sub-contract to another company, or you offer these services, then we can also support with data processing agreements. At STABE we have developed templates agreements which will fit your needs.
Data Protection Impact Assessments (DPIA’s)
Data Protection Impact Assessments (DPIA’s) are now a mandatory requirement for all new and high-risk processing. We have found that this is one of the areas that companies struggle to implement effectively. We are vastly experienced with completing DPIAs and have templates to help you do this. They will demonstrate your legal compliance when using data and will also help to identify and manage your risk.
Breach management and incident reporting
At STABE we have a range of knowledge and skills to support full and extensive investigations when incidents occur. Between them, the team have the experience of investigating incidents within the police force and implementing a new comprehensive root cause analysis (RCA) package and training programme within Hampshire Hospitals NHS Foundation Trust.
Not only can the team support with investigating breaches and documenting the outcomes, including an action plan, they also have experience with liaising with the ICO when serious incidents occur. We can help if you need support undertaking an investigation, need a template RCA report or need a liaison with the ICO.
Asset Registers
Asset registers are vitally important to your organisation. They don’t just act as a log of systems that you use but they play a much bigger role than that. They should list the types of data that is held, the asset owners and administrators (who have certain requirements), the risk grading and the business continuity management.
This is a huge area of compliance which is easy to overlook. If you need help setting up this process or undertaking risk reviews of your current systems, then we can help. We can also provide you with our template risk registers or assessments.
Article 30 Processing records
This type of processing goes by a few different names. Put simply, it is a log of how you process your data, internally and externally. This often goes together with maintaining an asset register and we can offer these services as a package or as separate services.
Our template conforms to the DSPT data flow mapping standard but can be used in any industry. The key information that you need to be recording must include what data is processed, where it is going, how much data is being transferred and by what method.
Data Protection Policies
Policies are an integral part of an organisation as they determine what is acceptable practice, keep the organisation protected, delegate accountability and set the culture of the organisation.
At STABE we have a range of experience with authoring policies to meet the needs of your organisation or can provide a check and review service to help improve your existing ones and provide a gap-analysis service using our expertise of data protection and privacy laws.
Subject Access Request Advice Service
Data Subjects (or customers, patients, clients, etc.) have a variety of rights including the right to object to processing, the right to erasure and the right to access information held about them.
At STABE we can provide advice and support for all these rights. We have found that data subject access requests cause the biggest headache to an organisation. We can help you with an efficient way to log and process these requests ensuring that they are responded to within the deadline and with as little resource required as possible.
Digital Technology Assessment Criteria (DTAC)
The NHS has released a new mandatory assessment for organisations provide digital technology, such as systems, cloud storage and apps. The DTAC is used by healthcare organisations to assess suppliers at the point of procurement or as part of a due diligence process, to make sure new digital technologies meet the required standards.
The experts at STABE have vast experience with working for the NHS and we are able to assist you with completing these new assessments to ensure that the procurement process runs smoothly. We can also support you if you want to complete an assessment to make your product stand out from the crowd.