OLIVER WESTMANCOTT

 Privacy Services

I provide independent consulting services to help senior leadership teams improve data handling, privacy management and compliance. I work on a project basis to effect change and bring operational improvement.

Assessment & Action Planning

It is easy for an in-house team or individual to get lost in detail, particularly when there are competing requirements to service the day-to-day subject rights requests alongside a continuous improvement process.

An external assessment that prioritises effort, together with support to build plans that hold teams to account, can free up teams to focus on what is important and work effectively.

In addition, it can help to ensure that resources are correctly assigned and expectations for progress are realistic.

Typical engagements:

  • Audit and recommendations report - 5 days

  • Privacy programme improvement action plan - 5-10 days

M&A Due Diligence

With the first multi-million pound fines being issued by the ICO for compliance failings, the risks around privacy management are now crystallising. In issuing the £99M fine to Marriott Hotel Group, the ICO specifically highlighted the lack of sufficient Due Diligence in the purchase of Starwood Hotels.

Typically running alongside a Legal DD exercise, I look at the procedures, policies and operating culture to identify where working practices introduce avoidable risk. My focus is the competence, capacity and attitude of the organisation to privacy risk management.

Typical engagements:

  • Initial summary opinion - 2 days

  • Detailed risk and recommendations report - 5-10 days

 

Compliance Support & Guidance

Even for an experienced team, having a trusted counsel who is one step removed from the day-to-day can help with confidence and improve operational efficiency. A quick phone call can save hours of wasted research or avoidable work.

My ‘base principles’ approach helps teams to understand the privacy thinking process and build in-house capabilities and expertise.

With extensive experience of the Health and Social Care sectors, I am able to help teams to navigate the many complementary regulations affecting data handling, including GDPR, DPA, Health and Social Act, Mental Capacity Act and many more.

Typical engagements:

  • On-site information gathering and acclimatisation - 2 days

  • Ad-hoc phone and email support to teams - monthly retainer

  • Independent contributor to GDPR or compliance committee - quarterly retainer

Privacy Experience Design

Although much privacy activity is driven by legal compliance, there exists a significant opportunity to gain competitive advantage through providing an excellent privacy experience for your customers and service users.

Particularly where trust is important, for example when handling sensitive personal information, demonstrating excellent privacy practice builds customer confidence, a significant factor in trust-based purchases.

Typical engagements:

  • Review and recommendations report - 5-10 days

  • Focused Privacy experience design exercise (e.g. On-boarding process, customer relationship experience) - 5 days

 

"No-one else could have inspired a love for GDPR in me… It was great to work with you"

/  GDPR LEAD - COMPLIANCE TEAM /