GDPR and Data Protection Officer Solutions

Sampson Hall has a proven track record of working successfully throughout organisations of any size, and can advise and bring together all the functions of the business to ensure overall and ongoing GDPR compliance.

“There is no silver bullet to ensure GDPR compliance, but arguably the biggest change is around accountability. The new legislation creates an onus on companies to understand the risks that they create for others, and to mitigate those risks. It’s about moving away from seeing the law as a box ticking exercise, and instead to work on a framework that can be used to build a culture of privacy that pervades an entire organisation.” Elizabeth Denham, the UK’s Information Commissioner.

To help organisations achieve ongoing compliance and privacy by design, and to embed this cultural shift in how everyone, from the board down and throughout the organisation, views and deals with personal data, Sampson Hall offers a range of digital tools, briefing, training and awareness sessions, audits and Data Protection Officer services.

Our range of comprehensive services:

Achieving Compliance:

Continued compliance:

Strategic Audit – an audit that will inform and reassure the Board as to exactly where they are on the compliance journey.

Organisational Audit – an audit that can be carried out quarterly, every six months or annually. It will measure an organisation's current situation in terms of compliance and help to ensure that the GDPR has not been seen as a one-off box ticking exercise and that ongoing continuous improvement, measurement and analysis are taking place.

The first consideration in whether to appoint a DPO is establishing whether it is a statutory requirement. The GDPR requires all organisations to make a mandatory appointment of a DPO in 3 scenarios under Article 37, which are stated as:

  1. The processing is carried out by a public authority;
  2. The core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or
  3. The core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 or personal data relating to criminal convictions and offences referred to in Article 10.
