Shield Security Consultancy Services offers a comprehensive range of information security/cyber security services covering data privacy protection, ISMS implementation, support with ISO27001 & ISO22301 certifications, penetration testing and business continuity program implementation.

GDPR Compliance Consultancy Services

As of May 2018, all organisations that handle data of EU residents are required to comply with a single set of rules about data governance/protection, regardless of where the organisation is located. The introduction of the General Data Protection Regulation (GDPR) has dramatically changed the way in which data is stored, shared and moved. The legislation gives individuals greater rights and control over their data by way of consent as well as the power to access, rectify or erase information held and the right to be informed. With severe non-compliance penalties of up to EURO 20 million or 4% of worldwide turnover, GDPR makes organisations more accountable for their approach to handling personal data and safeguarding it. Getting your house in order is not an overnight task. The far-reaching nature of GDPR means every aspect of business will feel its impact and, in places, entire processes will need to be replaced or set up from scratch.

Shield Security Information Security Consultancy Services can help your organisation achieve its privacy goals and compliance obligations for GDPR through cost-effective advice and support. Our experienced International Association of Privacy Protection (IAPP) Certified specialist data privacy consultancy team can provide you with the necessary expertise to implement a total privacy program that meets GDPR compliance requirements. We can also undertake an initial privacy impact assessment of your current compliance regime if you are just getting started with a data protection program. Our ‘free of cost no obligations’ initial assessment is aimed at helping organisations understand GDPR and the work required to achieving GDPR compliance.

Our GDPR consultancy services come in three packages:

Platinum: an all-inclusive GDPR compliance service, where Shield takes care of everything on your behalf to ensure compliance.

Gold: we work with you to achieve compliance

Silver:  Shield will provide guidance to enable you to carry out your own compliance.

Support with establishing data privacy governance structure:

• Understand impact of GDPR on organisation
• Undertake data privacy impact assessment including for 3rd parties
• Data privacy strategy and policies formulation
• Identifying organisational roles/responsibilities including formulation of job descriptions
• DPO Training (if nominated/need established)
• Audit and compliance monitoring procedures and establishing KPIs
• Establishing communication channels and policies
• Support with establishing Data Privacy Committee and charter of duties
• Support with compiling personal data inventory and establishing data transfer mechanisms:
• Compile inventory of personal data holdings (what personal data is held and where)
• Classify personal data holdings by type (e.g. sensitive, confidential, public)
• Obtaining regulator approval for data processing (where prior approval is required)
• Register databases with regulator(s) (where registration is required)
• Maintain flow charts for data flows (e.g. between systems, between processes, between countries)
• Maintain records of the transfer mechanism used for cross–border data flows (e.g., standard contractual clauses, binding corporate rules, approvals from regulators)
• Formulating binding corporate rules as a data transfer mechanism
• Contract clauses formulation where contracts are being used as a data transfer mechanism (e.g., Standard Contractual Clauses)
• Obtaining regulator approval as a data transfer mechanism
• Help with understanding the EU–US Privacy Shield and support aimed at ensuring adherence
• Support with formulating internal data privacy policy and embedding data privacy into operations:
• Formulation of data privacy policy including employee data privacy policy
• Establishing/identifying legal basis for data processing
• Establishing policies/procedures for:
• Collection and use of sensitive personal data (including biometric data)
• For maintaining data quality
• For the de–identification of personal data
• For reviewing processing conducted wholly or partially by automated means
• For secondary uses of personal data
• For obtaining valid consent
• For secure destruction of personal data
• Integrate data privacy into use of cookies and tracking mechanisms
• Integrate data privacy into records retention practices
• Integrating data privacy into direct marketing practices
• Integrating data privacy into hiring practices etc
• Support with data privacy risk identification and mitigation:
• Identification of data privacy security risks
• Risk register and risk mitigation plans
• Establishing administrative and technical controls to address risks
• Third party due diligence and risk mitigation
• Establishing 3rd party data privacy requirements
• Support with formulating data privacy notices:
• Formulating privacy notice that details the organisation’s personal data handling practices
• Identifying points for exhibiting privacy notices
• Formulating data privacy notices for contracts, marketing activities, etc.
• Support with formulating data subject requests and complaints procedures:
• For responding to requests establishing a mechanism for individuals to update or correct their personal data
• For responding to data portability requests and establishing mechanism for providing such data
• Establishing complaints handling and investigation procedure
• Support with establishing data privacy impact assessment procedures including formulation of organisation specific checklists and templates
• Support with data privacy breach monitoring and reporting program:
• Establishing data privacy incident/breach response plan
• Establishing breach notification (to affected individuals) and reporting (to regulators, credit agencies, law enforcement) protocol
• Breach incident log creation
• Establishing mechanism/methodology for testing of data privacy incident/ breach plans
• Support with preparing all necessary documentation as evidence of .organisation’s compliance with GDPR
• Support with identifying/recommending GDPR automation solutions
• Post compliance GDPR health checks and continuous improvement support, refresher training and awareness campaigns and data privacy risk re-assessment and mitigation support

ISO 27001 certification consultancy services

The way in which you look after and use corporate information can mean the difference between success and failure for your business. Get it right and you’ll grow your customer-base. Get it wrong and the risks and penalties can stop you in your tracks. ISO 27001 certification demonstrates that your business has systems in place to protect corporate information and data, whether this is online or offline. By gaining ISO 27001, customer and stakeholder confidence is increased and your company’s reputation is improved, allowing you to stand out amongst competitors.

Our experienced and certified ISO27001 consultancy team can help your organisation prepare for securing ISO27001 certification and provide post-certification support to ensure your certificate remains current. Alternatively, if certification is not what you are after and you would like, instead, to put in place a robust information security protection regime we can help your organisation develop and implement an effective and efficient information security management system (ISMS) aimed at mitigate information security risks faced by your organisation. Key support in helping you attain ISO27001 certification includes:

• Establishing ISO27001 based Information Security Governance Framework
• Identification of information security risks and support with prioritising risks
• Implementing information security risk mitigation plan
• Information security operations management
• Audit of 3rd party information security compliance
• Establishing IT business continuity plans
• Putting in place robust information security incident management plans in place
• Setting up KPIs/compliance monitoring regimes
• Regular reviews and audits to confirm that your organisation continues to comply with the ISO 27001 standard and that your ISMS continues to operate as specified and intended

If you would like more details regarding the above services or any of our other Information/IT security offerings such as PCI DSS implementation, pen testing, IT DRP or business continuity program implementation etc, please email us at Infosec@shieldsecurity.co.uk or speak to a member of our team.