GDPR Consultancy

About Our Data Privacy Consultancy Service

Founded upon 20-year-plus careers in the field of outsourced database management and marketing services, the founders of Rutherford Grant Recruitment have worked with database governance legislation as it has evolved.

As such, we recognise the diverse complexities that next-generation data privacy compliance requires.

To address these challenges, we have built a sophisticated range of services, consulting expertise and technology solutions uniquely underpinned by an underwritten indemnity guarantee to provide, so far as possible, absolute peace of mind that our clients have a verifiably defensible position.   

This allows us to provide a comprehensive range of solutions, services and expertise in a flexible, affordable and pragmatic package, each designed to suit the individual needs of each client.

We help clients to attain and maintain a defensible position and then provide an underwritten indemnity mitigating cyber-attack costs, regulatory investigation and, within reason, regulatory enforcement costs.

DPO as a Service – so You Can Focus on Your Business 

The GDPR stipulates a mandatory requirement that businesses and organisations (such as public authorities, businesses where the core activities involve processing special categories of data, or where there is regular and systematic monitoring of data subjects on a large scale) must appoint a nominated Data Protection Officer.

However, an already significant and recognised skills shortage, high-growth salary trajectories, internal conflict-of-interest issues and sheer demand mean that outsourcing this function offers very real commercial benefits.

Our DPO as a Service solution meets the regulatory requirement to:

  • Advise your organisation or business of its obligations under GDPR
  • Ensure your organisation or business stays compliant
  • Co-operate with the in-country supervisory authorities such as the ICO
  • Perform data protection impact assessments and an appropriate compliance action plan
  • Perform compliance audits
  • Develop and maintain your organisation's data privacy policies and procedures
  • Ensure your staff are fully aware of their role and responsibilities in relation to data privacy and GDPR.

Our network of consulting expertise across the key disciplines of GDPR and accredited service providers coupled with an underwritten indemnity guarantee offers you the perfect outsource solution.

READINESS and ROAD MAP - A Clear Pathway for You

Our dynamic GAP Analysis questionnaire and range of security scans offer a contextual assessment of your organisation's IT infrastructure, data processing activities, data assets and data protection policies and procedures to provide clarity on your GDPR compliance readiness.

Once we have helped you to attain a defensible position of readiness, we are able to provide an underwritten indemnity to insure your organisation against cyber breach costs.

DATA MAPPING - Making your Unknown Known

What we coin "dark data" can be hiding anywhere in your organisation. Personal data (e.g. team performance reports or marketing lists) will very likely reside in old emails and their attachments across multiple devices in your business. The level of human resource required to search, locate, identify and document where personal data is hiding is practically unfathomable, and obviously costly to your business.

Based on the metadata within such files, our solution promptly and efficiently identifies, catalogues and categorises your GDPR risk level, whilst also providing you with a log of the location of each of these files. This includes all document, audio, visual and image files across your network.

This brings massive efficiencies to the creation and maintenance of a comprehensive record of personal data processing activities, cataloguing the location and metadata of all files containing personal data, and prepares you to deal with Subject Access Requests (SARs) promptly, with minimal disruption, in a timely and efficient manner, mitigating regulatory enforcement risk.

CONSULTING - Expert Guidance

Our consulting network represents accredited expertise across each discipline of GDPR.

Working with public and private sectors, locally and internationally, our consulting network's accreditations, representation and experience include data privacy lawyers and privacy professionals, database management and database marketing expertise, cyber resilience, security and security architects, each with a demonstrable career history in their specialist field.

Expert guidance is available to you on an ad hoc or retained basis, at local, national and international levels, when and where you need it, right through to full international data protection officer as a service, representing international clients' interests with in-country regulatory authorities.

All offer real depth and a rich, broad range of professional accreditations.

Qualified lawyers specialising in Data Protection & GDPR & PECR & EPR - Master’s In Information Security Systems - Master’s In Computer Engineering & Networking - BSI Certified Lead Auditor - Cyber Security Essentials Certification - IAPP (International Association of Privacy Professionals) Members - CIPP (Certified Information Privacy Professionals) - CIPM (Certified Information Privacy Managers) - CIPT (Certified Information Privacy Technologists) - Certified Information Privacy Professional/Europe (CIPP/E) - GDPR-F, GDPR-P, CISSP, CISA, CISM, CRISC, TOGAF, CCP, ISACA Cybersecurity, CCNA and ITIL Experts.

TRAINING - Mitigate Human Error, Build Competitive Edge

More than 50% of data breaches are the result of inadvertent human error. Addressing this, we provide a suite of GDPR, Data Protection and Information Security courses that act to mitigate that risk. These range from one-day awareness seminars and 3-day residential DPO training courses to a library of over 20 modules of GDPR, Information Security and Data Privacy online video training courses, delivered through a sophisticated learning management platform that provides users with a certificate of completion and attainment, with an auditable log of delivery of training.

Our Virtual Learning Library Courses Include:

  • GDPR - General awareness courses for all staff (What is GDPR and GDPR In Action); specialist topics around working with GDPR & Payment Shield and GDPR and International Data Transfer; and a series of specialist job-role-related courses: GDPR for HR, GDPR for IT, GDPR for Procurement, GDPR for Marketing and GDPR for Supply Chain
  • Data Privacy - What Is Data Privacy Training? - Personally Identifiable Information - Protecting Confidential Information - HIPAA Basics - PCI DSS - Working with the Cloud - Storing Data - Disclosures - What Is GDPR? - GDPR in Action - Privacy Shield - International Data Transfers
  • Information Security - What Is Information Security? - Consequences of a Data Breach - Email and Messaging - Welcome1 Is Not a Password - Secure Social Media - Protect the Workplace - Secure Out of the Office - Social Engineering & Cybercrimes - Taking Action on Info Security

TECHNOLOGY - Easing your Burden

Article 24 requires that businesses holding personal data 'shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. Those measures shall be reviewed and updated where necessary'.

Whilst there is no magic wand and no one-size-fits-all solution to attain and maintain compliance with GDPR, there are platforms and tools that will help you to systematise the process and maintain an auditable log of your policies, rationale, changes, updates and incident reports, through to fulfilment of subject access requests. These go a long way to easing the burden and centralising GDPR compliance routines and activities.

Our GDPR Compliance Management Tools will allow you to better manage:

  • DATA AUDITS - Processing Activities and Asset Register will help you provide a comprehensive log of IT and Data Assets providing a view of owner, location, security, controls, encryption and disposal of assets.
  • RISK ANALYSIS - A granular assessment of the risks and the ability to carry out full Privacy Impact Assessments, including the ability to track data-processor agreements.
  • POLICIES AND DOCUMENTS - All of your data protection policies and documentation centralised and available to the relevant staff in electronic format.
  • TRAINING MANAGEMENT - Comprehensive log of all formal data protection training and user awareness sessions, with dates, attendees and knowledge assessment.
  • GDPR REGISTER - Workflow engine to provide a comprehensive recording and a timely response for all Subject Access Requests and GDPR related queries.
  • REPORTING - As the information is gathered, you can monitor the progress at various levels and easily identify gaps. All of the data can be exported to standard office documents or PDF.

Our solutions can be offered on a self-serve basis, with a light degree of support, or as the platform to underpin fully managed outsourced GDPR compliance management services.

GDPR and CYBER RISK INDEMNITY - Expert Cyber Risk Indemnity and Support 

Cyber Risk Insurance provides indemnity against the associated risks and liabilities from cybercrime, data hacking and/or data breach. From damage to websites or other online platforms to loss of personal data, cyber insurance can be tailored to your specific business requirements. Data Breach Insurance can be purchased in isolation or as part of a full managed services solution covering:

Data Breach and Cyber Cover - Hacker damage and virus cover for websites, back office systems and email platforms - Online or physical data breach costs and liabilities - Post-breach notification, forensic investigation and legal support - Hacker ransom and cyber extortion cover - Regulatory investigations and penalty costs - Payment card industry (PCI) fines and penalties - PR and crisis containment management and expenses post data breach - Optional Business Interruption for loss of income and reputational damage - Free legal and regulatory advice from cyber and data breach experts.

MARKETING SERVICES / TECHNOLOGIES – Marketing Orchestration Beyond the Event Horizon

Beyond the 25th May you will still need to acquire new customers and develop their business but, in equal measure, ensure that your processes and methodologies remain compliant and accurately reflect your processing bases, permissions/consents and retention policies.

Ensuring that your customer and marketing information is kept up to date, accurate and proportionate, while acquiring and developing new customers can be a daunting task.

Your data protection processes and culture will be a defining competitive edge. How you manage prospect data and engagement will be an asset when done right, and could be a costly mistake when done wrong.

We provide holistic solutions across insight, compliant lead generation and systems to improve sales enablement, nurturing profitable customers for businesses focused on growth and customer development.

Our Marketing Orchestration services include Data Planning - Data Cleanse And Hygiene Services - Database Hosting And Management - Segmentation And Modelling (B2B) - Opt-in B2B & B2C Lead Generation - Digital Marketing Services (Social, Search And Content Marketing) - Marketing Automation / CRM / Dialler Technologies - Contact Centre Fulfilment For Data Cleanse & Opt-In Permissioning - Account Profiling - Lead Generation And Appointment Setting - Customer Acquisition And Development

ASSET DISPOSAL – End of Life Asset Management

GDPR and privacy by design will instil accountability for personal data protection, and it is crucial that this level of accountability is carried right through to the disposal of obsolete data-bearing IT assets.

Our service partners have specialised in disposal of redundant IT and eradication of sensitive and personal data for over 15 years, operating a strict ‘Chain of Custody’ concerning data-bearing devices.

Data wiping and physical destruction of hard drives is invariably carried out at a secure facility. Within the Chain of Custody they provide a fleet of covert vehicles monitored by the latest in telematic technology and, in recognition that many of our clients have highly sensitive or high-security situations that require items to be wiped at the customer's site rather than be removed, an external team of security-cleared staff.

Once destroyed, a certificate of destruction is issued and all our processes adhere strictly to our responsibilities as certified ADISA members.

Our solution utilises WipeDrive 8 by White Canyon Software, the world’s leading expert in secure data destruction, utilised by governmental organisations around the globe including the US Military and Department of Defense. WipeDrive 8 has a dynamic interface that enables it to also work remotely, essential for modern remote working practices and multi-site international businesses.