Our Services Privacy and Data Protection Privacy and data protection are critical components of any authority’s governance, risk and compliance approach, but skilled staff are costly or unavailable, which often leaves responsible roles unfilled, or split between unqualified junior staff and expensive external lawyers. The Enterprise Privacy Group can provide resources at an affordable rate to analyse risks, recommend and implement controls, and manage the organisation’s duties arising from the handling of personal information. Training We have broad experience in developing and delivering training, both at executive and grass roots levels, and are able to develop tailored courses based upon real-world experience and a ‘menu’ of ready-made modules, ensuring that delivery is quick and cost-effective. Benefits Control of operational risks and project costs Compliance with ICO requirements Rapid delivery for urgent projects Skills transfer to in-house staff Deliverables Privacy policies and management platforms Risk and compliance reports Stakeholder engagement Key Facts Available on day rate or retained basis Options Long-term support Recruitment of key officers Privacy Impact Assessment Privacy Impact Assessments (PIAs) are important tools which can help organisations to identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy. An effective PIA will allow organisations to identify and fix problems at an early stage, reducing the associated costs and damage to reputation which might otherwise occur. The PIA provides a formal process to consider the risks of personal data processing from the perspective of the data subject, and to recommend controls which mitigate those risks to the satisfaction of both the data subject and the data controller. At the conclusion of the PIA, the organisation should have confidence that its data handling is ‘fit for purpose’ and that risks are appropriately managed. We are able to deliver a PIA as a fixed-price project so that you are assured of control over costs. Scope A PIA is essential for any new project, or significant change to an existing system, that has implications for the way the organisation handles personal information, and the Information Commissioner expects organisations to prepare aPIA for any major project or change affecting the handling of personal information. Approach We work closely with your team to understand your requirements and ensure that our delivery supports, rather than hinders, your objectives. Following initial meetings and a kick-off workshop, we will review your documentation and discuss your needs. We will then prepare a scoping study, leading to the full PIA. Upon completion we will review the findings and recommendations with you, before reporting to you and providing a management presentation. We can then provide training, support and further expert services as required. Deliverables Scoping study PIA report Review meeting Management presentation Benefits Insight into operational risks and project costs Compliance with ICO requirements Rapid turnaround Skills transfer Cloudstore We’re delighted to announce that Enterprise Privacy Group’s services are available in the Cloudstore under the G-Cloud 4 framework. G-Cloud is a revolutionary procurement mechanism for government departments, local authorities and the wider public sector to procure services without the onerous overheads associated with competitive procurement processes, which are often disproportionate for small transactions such as those associated with cloud services or SME support. Suppliers such as Enterprise Privacy Group are pre-qualified to provide services, so that these can be procured quickly and with a minimum of effort for all parties. Our core services are now available within the Cloudstore, including: Privacy Impact Assessments A Privacy Impact Assessment (PIA) is essential for any new project, or significant change to an existing system, that has implications for the way the organisation handles personal information, and the Information Commissioner’s Office expects organisations to prepare a PIA for any major project or change affecting the handling of personal information. Privacy and Identity Assurance Support We can provide a single source for expertise in privacy and data protection strategy and management; Identity Assurance Programme (IDAP) analysis, planning and delivery; and skills transfer to ensure that in-house staff are suitably equipped to make correct governance, risk and compliance decisions on time, every time. Public authorities wishing to discuss how they can benefit from our privacy and identity expertise can buy directly from Enterprise Privacy Group or through the Cloudstore. If your requirements aren’t described within the Cloudstore service offerings, then do please get in touch, we’d be pleased to help in any way we can.