Data Protection Services
Protecting clients’ personal information is something that all companies are required to do by law. The Data Protection Act 1998 protects against the misuse of an individual’s personal information and if you do not abide by the rules, even inadvertently, it could result in some large fines, or worse. At Bridgehouse Company Secretaries, we provide a number of data protection services to assist you with compliance, from creation of a suitable data protection policy and website compliance checks to assistance with dealing with Subject Access Requests (SARs) and full data protection audits.
About the Data Protection Act
The Act applies to any organisation that has access to information about individuals, wherever that data is held, from physical office files to computer systems and emails. It also means individuals have the right to access any personal information held about them (this is called a ‘Subject Access Request’).
Here are the eight principles of the Data Protection Act that all companies must adhere to. Data must be:
- Processed fairly and legally;
- Processed for limited purposes and in an appropriate way;
- Relevant and sufficient for the purpose;
- Kept for as long as is necessary and no longer;
- Processed in line with individuals’ rights;
- Secure; and
- Only transferred to other countries that have suitable data protection controls.
Our Data Protection Services
Data Protection Policies and Procedures – One of the first steps to compliance is having appropriate policies and procedures in place. These include an over-arching Data Protection Policy, Privacy Notice for your website, SAR procedures and even extend to such policies as Clean-Desk Policy and Internet, Email and Telephone Usage Policy. Bridgehouse can assist with the drafting of individual policies as well as a full framework of relevant policies and procedures.
Website Compliance Checks – Bridgehouse Company Secretaries can undertake a Compliance check on your company website to ensure that it meets the minimum data protection requirements as well as requirements under the E-Commerce Regulations. We can also provide assistance with your website terms and conditions.
Subject Access Requests – Responding to SARs can be a laborious and time-consuming activity, especially where a company has insufficient training and procedures on how to deal with them. As companies only have 40 days in which to comply before breaking the law, Bridgehouse can assist with the administration of the SAR, including reading through extensive amounts of paperwork and emails to identify the data subject and redacting information where necessary.
Full Data Protection Audits – Bridgehouse’s team of experts take a risk-based approach to a four-part audit tailored to each individual client’s needs.
- Part 1 – Project Inception: providing a bespoke audit for the client, including bespoke questionnaires, liaising with key contacts as necessary to ensure that the client’s objectives and key focus areas are met.
- Part 2 – Document Reviews: a thorough desktop review of all documentation pertaining to Data Protection in the Client’s organisation. This will include policies, procedures, the Client’s website and any other relevant documents.
- Part 3 – Interviews and In-Depth audit of practices and culture: This is carried out as an on-site audit and focuses on ascertaining if and how the organisation complies with the 8 Data Protection Principles. This part of the audit seeks to identify the type of data held, the purpose for which it is held, the adequacy and accuracy of data held, how long it is held, whether subject access to the data is provided, where it is held and whether it is sufficiently secure, to whom and where the data can be disclosed, and who has access to it.
- Part 4 – Reporting: A detailed report of audit findings is produced following the audit, covering high-level issues such as compliance, the culture of the organisation, training needs and any potential blocks to compliance. The report includes recommendations about how to manage data protection compliance, together with detailed findings and action points with a risk assessment factor against issues.
If you would like expert help to ensure your business is compliant with the Data Protection Act or to create a Data Protection Policy, call Bridgehouse on 0845 055 8260 or contact us here.