Garden City Assurance are experienced in many sectors
Let us guide you through the compliance maze
Whether you need a couple of hours of advice for an urgent piece of work, or a longer-term engagement for a data protection project, we can help. We have experience in many sectors, including managed and shared IT services, HR and recruitment, manufacturing, 3rd sector, central government and defence, and DPOaaS in the Health Sector. We work closely with you to identify risks and confirm goals. We spend time with you to ensure we are both clear where you are, and where you want to be with data protection. We discuss your approach to risk and the personal data you handle.
Gap Analysis and Remediation
Unsure where to start when it comes to GDPR and data protection? Garden City Assurance can help you understand what compliance position your company is in by identifying key gaps and risks. I’ll review your company’s current policies and processes and assess how effective they are, as well as whether that all-important paperwork stacks up and matches what you really do. I’ll work with key staff across the organisation to ask the right questions, and then work with you to devise a plan of action that fits your business and its strategy, to remediate issues. Once I’ve helped you prioritise what most urgently needs attending to, you have the flexibility to address risks internally, use my services for support, or a combination of both. I can help you implement the remediation plan for an agreed day rate, meaning compliance issues will be dealt with quickly and expertly. It’ll leave you with one less thing to do, so that you can get on with running your business. Let's discuss it in more detail.
Third Party Supplier Due Diligence
When using a third party company’s services or software, you are responsible for checking GDPR requirements are met. If that company suffers a data breach and you haven’t performed the necessary due diligence, the bad news is, you suffer too and may be liable for fines or other enforcement action. To ensure a third party supplier is compliant, don't just take their word for it. You need to make detailed checks and it’s best to get an independent unbiased opinion. Let me take that job off your hands. With years of experience with tried and tested methods, I know the right questions to ask and where to look for potential risks. I’ll then report back and you can evidence that you’ve taken the necessary steps to minimise supplier risk. Leave it to an expert and you won’t pay for mistakes later. Protect your customers and yourself by hiring me.
Retained Compliance Support (in-house or remote)
This is designed for small businesses who may not need around the clock compliance support, or might not be able to afford it. Instead, pay a monthly fee in advance for a set amount of hours or days per month. I can carry out document reviews and uplifts, configure compliance tooling, attend meetings, or be around to guide, consult and answer pressing questions - on or off site. When you hire Suze, you hire a data protection professional that is passionate about her job. It’s much more cost effective than asking someone untrained in the office to muddle through and interpret the legislation. You’ll receive a wealth of detailed GDPR and compliance advice from her in just a few days a month, which in the long run will save you money.
Ad Hoc Helpline Services
This is for those companies I have worked with previously and have got their compliance ducks in a row. You don’t need someone on hand regularly, but sometimes find yourself in a new or unusual situation that needs specific and detailed advice. It could be anything from a nasty SAR to a data breach. That’s where I come in. Pay a set fee for an agreed block of hours and draw on them when needed. It’s a little bit like having insurance. I’ll be just a quick email or phone call away when you need me most, ready to provide independent expert advice. The challenge with compliance and GDPR is that it’s so complex. But I’ve spent many years dealing with queries like this, so your questions and concerns will be answered quickly. It means you don’t need to search for hours for the answers before making those all-important business decisions. I’ll be waiting to give guidance on data protection and e-Pr so you won’t waste precious time. It means you can always feel safe in the knowledge you’ve got your business and customers best interests at heart and confident that complaints won’t be coming your way. Invest in as little as two hours a month. Email me for a quote now here.
Data Protection Impact Assessment (DPIA) Assistance
If you’re undertaking new data processing, it could be a high risk to people. By law you are required to perform a DPIA to examine and mitigate the risks as part of your accountability evidence. You may have recently implemented a new CRM, installed free customer WiFi in your establishment that tracks data subjects without their knowledge, or perhaps run a staff mental health survey. There are so many reasons a DPIA needs to be carried out and I can advise whether you need one or not. I will work alongside your teams and data protection lead to work through the DPIA. I’ll draw out the risks and mitigations needed, documenting things as we go. It'll leave you with a DPIA on file you are able to uplift and check on a regular basis. It's a legal requirement, but it’ll also leave you with a clear conscience that you're being ethical with staff and customer data. Let’s talk your DPIA over.
Data Mapping and Record of Processing Activities (ROPA) Assistance
When you set up your business, it’s likely you didn’t give data protection more than a quick thought. It might not be the most exciting side of running a company, but it’s important to have records of what data you process, where and how it’s held and who it’s shared with. If you’re unsure what information you’re collecting and whether it’s lawful, it’s best to bring in an expert to find out. Hire me and I’ll be able to identify data you hadn't even realised you were processing and work with you to map it and create a ROPA. I’ll also look at why you’re collecting the data and whether you really need it. ROPA and data mapping might fill you with dread, but it underpins all your data processing. It will ensure you're aware what you’re processing and why. After my analysis, whether you want your data map on a spreadsheet or detailed within proprietary software, I’ll help you choose the solution to best fit your business. Having the right tools in place will make it easier to access and update your records. In turn, it’ll save you valuable time that could be spent elsewhere in the business. Get me to help with the hard work. Let’s talk here.
Document Review and Uplift
Most companies that don’t have an in-house data protection team could probably benefit from a policy and document review and uplift. If customers can’t understand a badly worded privacy notice that’s crammed full of legal jargon, or it’s buried in your website and can’t be seen, at best it’s pointless and at worst a failure of the transparency requirements. It’s not just customers that’ll benefit either. If your policies and processes are in order, it makes things easy for staff to understand, follow and implement. What you claim to record and process needs to match what you’re actually doing. It can be stressful, but I’ll take that worry off your hands. Not sure if you need an uplift? Let’s go for coffee or have a free consultation over the phone and I can advise. Arrange a consultation here.
Cookies and Website Compliance Guidance
Let’s talk about websites and cookies.
Marketing and Charity Fundraising Guidance
Asking people to sign up to your newsletters or mail outs is important for business, but it needs to be done in a lawful and transparent way. Not sure when you need consent for marketing or when soft op-in applies? Can the box be pre-ticked, or does the person need to actively tick it? If you’re confused, you’re not alone. The good news is it’s not difficult once you understand the rules. Poor marketing practices can be frustrating for customers who receive emails they didn’t ask for. But it’s not just annoying, it’s unlawful. Tricking customers into signing up or buying marketing lists without verified and auditable consent will cost you in the long run with fines from the UK Supervisory Authority (the ICO) and will lead to lost sales. Treating your customers well by adhering to legislation, will mean your hard-earned reputation is never damaged. Your email list will be full of highly engaged customers that actively want to hear from you. After all, they’re the ones who want to spend their money with you. Getting things right increases confidence and trust, which will only do good things for your company’s bottom line. Need marketing guidance? I'm all yours. Drop me a line here.
A report by Info Security Magazine states that 90% of data breaches are caused by human error. This is why training staff is vital. Staff members are your first line of defence for protecting personal and business data. By training them in data protection, you’re making their job easier. You’re also proving to your team, customers and the ICO you’re taking your accountability responsibilities seriously. Training provided by Garden City Assurance is tailored to your business. It can cover the fundamental principles of data protection, as well as e-privacy and how it applies to your organisation.
Training can all too often be uninspiring. Not mine. With interactive activities that are engaging but pragmatic, your staff will learn a lot and find themselves enjoying it too. I’ll provide the necessary information in a helpful guided environment so they’ll go away prepared to handle personal and business data in practice.
Staff training is an investment worth making. If staff are confident in what they’re doing, know how to spot and prevent a breach and are aware of what they should and shouldn’t be doing with data, then breaches and fines are less likely. Sound good? Let’s get training.
If you have a question about any of our services, please complete this form and we will respond as soon as possible.