Sector Expertise
Although principles of privacy apply universally and I have broad sector experience, I have particular experience and focus my attention on:
The Health & Social Care sector presents unique privacy challenges. Processing involves significant Special Category Data (Sensitive), bringing enhanced legal responsibilities under GDPR and the Data Protection Act. This is further complicated by complementary legislation and guidance such as the Mental Capacity Act, NHS Data Security and Protection Toolkit and the Caldicott guidelines.
Risks to organisations and individuals in this sector are high, with financial and criminal actions taken by the Information Commissioner.
With experience of private sector and public sector health and social care provision and also with national governing bodies, I am able to identify issues and design appropriate improvement plans.
I also have a specific data protection support service and outsourced DPO offering for health and social care sector clients.
Any M&A activity requires clear visibility and understanding of risk exposure. With the introduction of GDPR and the subsequent actions taken by European regulators, these risks are starting to crystallize. Imposing a £99M fine, the ICO specifically criticized Marriott for insufficiently rigorous due diligence of their purchase of Starwood Hotels from 2016.
Although legal due diligence will spot exposed compliance problems, I look at the operational handling of GDPR and data privacy, reviewing the team, operating practices and privacy ‘culture’. These are good leading indicators of future problems which can be effectively addressed by management once identified.
Although most of my work is in lower-mid market investments, I can also provide efficient review and advice for smaller ‘growth’ stage investments.
Technology-enabled and technology-led businesses cut across all business sectors. With the commercial advantages this brings also comes an increased risk profile, particularly with regard to cyber security. However, privacy is much wider than security, and we are now seeing consumers challenging processing activities that potentially threaten entire business models.
Honoring data subjects' rights is no longer simply a legal compliance requirement; it's a part of their brand experience. Doing it well or badly can set services apart from the competition.
With 20 years' experience designing, building and marketing digital services, I bring a creative ‘customer experience’ led approach whilst embracing legal compliance.
On paper, organisations operating in the third sector face the same requirements as those in commercial environments. There are, however, additional challenges that relate to data sharing, particularly when servicing public sector clients. In addition, being unable to rely on Legitimate Interest for direct marketing activity can complicate donor and supporter engagement and fundraising efforts.
I bring extensive experience of charities, housing associations and membership organisations that enables me to offer pragmatic and appropriate data privacy advice.
Winning with data protection really does require you to keep one eye on the ‘big picture’. Sometimes the best way of doing that is literally with a big picture. Have a look at this one; I’ve used it a lot, and it might help you too.
At the end of the Brexit transition period the UK will have some new obligations, regardless of the adequacy decision. One of these is the requirement for UK controllers to appoint a representative based inside the EU.
Accountability is one of the core principles of GDPR, but means different things to different people. It’s also moving goal posts for exec teams who want assurance that the principle is being met. Some help might be at hand from some ICO guidance on the subject.