Individuals have the right to expect all data relating to them is collected, processed and managed in a manner in accordance with their legal rights.
– Brendan Byrne, Bridewell Partner
Data privacy services are concerned with the appropriate and legal use of personal and sensitive personal data throughout the data’s lifecycle. This includes how data is collected, processed, stored, maintained, protected and disposed of irrespective of the format and systems used.
Bridewell offer comprehensive data privacy services to organisations of all sizes, assessing and advising on how they manage, protect and process the personal data of both their customers and staff in line with the organisation's legal and regulatory obligations.
An organisation that can clearly demonstrate to its customers that it proactively addresses their data privacy concerns inspires confidence: customers trust that their personal data is handled and protected in accordance with the organisation's legal and regulatory obligations. That trust makes customers more willing to adopt new services, which in turn enhances the organisation's brand reputation.
In adopting the principle of data privacy by design, organisations will:
- Understand the types of personal data they hold.
- Understand how they process and transfer the data (the data flows).
- Understand how to protect the data.
- Understand what legal and regulatory considerations apply.
- Respond to and handle any incidents in a timely manner.
- Make informed, risk-based decisions and assessments of:
  - existing systems,
  - new projects and initiatives, and
  - the selection of new IT products.
An organisation that has a comprehensive understanding of how it processes, transfers and stores personal data will understand the risks that exist within its estate, and will also be able to capitalise on the competitive advantage of a proactive approach to data privacy by expanding its services into new areas, both locally and internationally.
A proactive approach to data privacy also means organisations are better placed to adapt to changes in technology (e.g. ISO/IEC 27018, the code of practice for protecting Personally Identifiable Information (PII) in public clouds) as well as to major legal and regulatory changes such as the new General Data Protection Regulation (GDPR).
What is the GDPR?
The GDPR is the biggest reform of data privacy within Europe in the past 20 years. It is designed to give individuals more rights over how their data is processed and transferred, and to hold organisations accountable for failures to protect customers' data in a manner commensurate with those rights.
The legislation gives “data subjects” (customers, staff and any other identifiable individuals) several strengthened rights and protections, including:
- more transparency over how their data is used;
- stricter conditions for consent where consent is the lawful basis for processing: it must be freely given, specific, informed and unambiguous, and explicit for special categories of data (consent is only one of six lawful bases, so many processing activities will rely on another basis such as contract or legitimate interests);
- the right to withdraw consent at any time;
- rights to data portability (transfer) and erasure (deletion);
- limits on profiling and other solely automated decision-making that has legal or similarly significant effects;
- mandatory breach notification: to the supervisory authority within 72 hours of becoming aware of a breach that is likely to result in a risk to individuals, and to the affected individuals themselves where that risk is high.
The end goal is a greater degree of data protection harmonisation across EU member states. The GDPR applies from 25 May 2018, replacing Directive 95/46/EC (the Data Protection Directive), which has been in place since 1995. Its companion instrument for police and criminal justice authorities, the Law Enforcement Directive (Directive (EU) 2016/680), had to be transposed into national law by 6 May 2018.
In an interconnected world of cross-border business and a growing digital economy, it is vital that organisations understand the impact of the GDPR. With fines of up to €20 million or 4% of worldwide annual turnover, whichever is higher, it is essential that your business and its operations meet the GDPR's requirements. The question is: are you ready?
For more information on the GDPR, go to our GDPR Readiness page.
Bridewell Data Privacy Services
Bridewell have been working in data privacy for over 20 years. We have experienced data privacy consultants and industry-proven methodologies, and have supported a number of organisations across many industries in complying with applicable privacy requirements. Our people hold leading privacy certifications such as the Certified Information Privacy Professional/Europe (CIPP/E), the Certified Information Privacy Technologist (CIPT) and the BCS Practitioner Certificate in Data Protection (PC.dp), as well as certifications in the new General Data Protection Regulation. We pride ourselves on acting as a trusted advisor for our clients, interpreting privacy legislation and ensuring it is practically implemented in our clients' business operations.
Our approach to compliance is no different to other information security standards or regulatory requirements.
The basic principles are:
- A clearly defined strategy.
- Organisational wide controls.
- Processes and procedures, one of which is the continual reassessment of the effectiveness of the data privacy and protection programme.
Bridewell Consulting is an advocate of Secure by Design: data privacy needs to be embedded into the full lifecycle of a project, from planning and design through to the management and governance of the build and run phases.