DPO | Data Protection Officer | GDPR

Alignment with Industry Standards

At DataGRC, we are experience in using leading data protection, privacy and information security standards.

This helps clients to align with their peers, using well recognised and tested frameworks.

Technical GDPR_Assessment Training Change

DataGRC Data Protection Framework

Developed through client engagements and incorporating a range of industry standards, the DataGRC Data Protection Framework provides a broad coverage of requirements for the EU General Data Protection Act 2018 (GDPR), UK Privacy and Electronic Communication Regulations 2003 (PECR) and UK Data Protection Act 2018 (DPA). The assessment consists of 77 controls, in 14 categories:

Organisation
Policies
Training
Data Mapping
Lawful basis
Retention
Impact assessment
Security
Privacy Notices
Supply Chain
International
Privacy Operations
Breach Management
Assurance

Completion of the assessment provides clear guidance to senior leadership teams around levels of compliance and opportunities for improvement. Function specific staff can also use the assessment to drive and monitor remediation activities.

BS10012 PIMS Data Protection

This privacy framework includes:

Context of the organization - the organization and its context, needs and expectations of interested parties, scope, the personal information management system
Leadership - Leadership and commitment, Policy, embedding PIMS in the culture
Planning - Addressing risks, data inventories and flows, PIA/DPIAs (impact assessments), objectives and plans to achieve them
Support - Resources, Competence, Awareness, Communication, Documented information
Operation - Operational planning and control, implementing PIMS (roles, records, risks, training, managamgnt, data protection principles, retention, security, rights)
Performance evaluation - Monitoring, measurement, analysis and evaluation, Internal audit, Management review
Improvement - Nonconformity and corrective action, preventative actions and continual improvement

ISO 27001

This information security management system (ISMS) includes:

Context of the organization - the organization and its context, needs and expectations of interested parties, scope, the information security management system
Leadership - Leadership and commitment, Policy, Organizational roles, responsibilities and authorities
Planning - Actions to address risks and opportunities, Information security objectives and planning to achieve them
Support - Resources, Competence, Awareness, Communication, Documented information
Operation - Operational planning and control, risk assessment and treatment
Performance evaluation - Monitoring, measurement, analysis and evaluation, Internal audit, Management review
Improvement - Nonconformity and corrective action and Continual improvement
Appendix A - ISO 27002 Security control code of practise

Companies can be certified under IAF/UKAS accredited schemes.

ISO 27002

This security control code of practise includes:

Information security policies
Organization of information security
Human resource security
Asset management
Access control
Cryptography
Physical and environmental security
Operations security
Communications security
System acquisition, development and maintenance
Supplier relationships
Information security incident management
Information security aspects of business continuity management
Compliance

Cyber Essentials

This cyber security control framework includes:

Boundary firewalls and internet gateways
Secure configuration
Access control
Malware protection
Patch management

NIST Framework