Data Protection Validation & Audit

Demonstrating Accountability

A key driver of the value of your data is that your organisation must have the lawful right to use the data in a way which is compliant with applicable laws and your contractual obligations.

Any potential risks associated with your collection and use of personal data – including those posed by third parties you share data with – will reduce its value.

We offer a way to obtain independent, third party validation of the extent to which your business or its suppliers and data processors meet their obligations under privacy legislation including the Data Protection Act 2018 and GDPR.

Audit & Assurance

Areas we review

  • Accountability Arrangements

    The extent to which your data protection roles, policies and procedures and mechanisms to monitor compliance meet the Accountability principle.

  • Records Management

    The processes in place for managing personal data including controls to monitor the creation, storage, sharing, retention and destruction of personal data records.

  • Lawful Processing

    The steps your organisation has taken to identify and record the appropriate lawful bases on which it processes personal data, and how you provide transparent information to data subjects.

  • Security of personal data

    The technical and organisational measures in place to protect personal data and your organisation's procedures for managing data breaches.

  • Data Subject rights

    The procedures in operation for recognising and responding to individuals’ requests under Data Subject rights e.g. for access to their personal data.

  • Training & Awareness

    Your provision of information governance training to staff, and staff awareness of the data protection requirements relating to their roles and responsibilities.

Implementation

Helping you manage information governance risk

Once we understand the gaps which need to be closed, we build a solution which includes helping you roll out a privacy friendly culture to all parts of your business. We create any new processes and documentation and help embed them within your company culture, starting with the quick wins and managing the process of anchoring new approaches and processes into your BAU operations including:

You're never on your own

Complying with privacy regulation is not a one-off commitment and, unfortunately, there is no finish line or silver bullet to make it all go away. The regulatory landscape is always changing, and your business and the needs of its customers will change over time. We offer a range of ongoing support packages, from regular reviews and ad hoc assistance to our range of managed privacy services, to help support your privacy function in expert, cost-effective ways. We are never more than a phone call away if you need some assistance.

Frequently asked questions

There is no such thing as being ‘GDPR certified’ nor are there any recognised seals which confirm any status like ‘GDPR compliant’. Schemes, seals and certifications may become available in the future but, for now, it can be a bit of a minefield when assessing whether you – or those businesses with whom you share data – offer “sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.”

Why not go straight to the jugular? The quick answer is ‘it depends’.

It depends on the complexity of your organisation and the personal data it uses. It depends on the maturity of your information governance programme.

What we can say is that we prefer to work on a fixed cost basis where possible – a cost you will have before we start any work.

It costs nothing to find out if we’re right for each other and to get all your questions answered. Why not get in touch?

We start with an in depth review of your organisation’s privacy compliance and culture. We liaise with your senior management and all departments to understand the privacy regimes which impact your business and the steps you have already taken to comply with them.

Most of all, we find out about the privacy related challenges you face and the business benefits which may come from addressing them. We help set the objectives for your audit so we can provide an in depth road map to achieving them.

The exercise is conducted using a combination of on site or virtual workshops and automated tools which help streamline the process and allow you to easily attach and share necessary evidence with the Fidabona team for review.

Our privacy professionals will review and analyse all the supporting documentation you have provided and prepare an in-depth findings report which you can use to help demonstrate the measures your organisation has taken to comply with privacy legislation to your customers, business partners and company leadership.

Of course. In the same way our validation exercise can help provide comfort to your business partners, our supplier audit service can review the extent to which your suppliers or other organisations you share personal data with have taken steps to meet their privacy obligations.

Audits can be either as part of a response to issues or concerns you have identified or as a part of your wider supply chain management.

Our Privacy Validation exercise can look at your business as a whole or focus on specific areas.

It is based upon industry best practice, ICO and European Data Protection Board guidelines and reviews key compliance areas including internal policies, DPIA processes, personal data breach response, Data Subject rights processes and DPO functions.

Above all, we aim to add value to your business; offering solutions which provide a pragmatic way to develop new and better data-led services built in privacy friendly ways helping you engage more customers.

Get Started

Let's talk about your needs

We know. This is normally where you’d see an easy to submit enquiry form. One that’s likely an entry into a lottery whether you’ll get a response or not. 

Get the answers you need. We don’t bite.

Use live chat or book in a no obligation online meeting to help us get to the bottom of how we can best help you (invite some colleagues if that will help).


Hooray!

We're excited you'd like to come along!

However, we need to tell you something important before you do:

How we use the personal data you provide when booking to attend an event.

In short, we ask for your name, email, the organisation you represent and phone number. For paid events we also collect billing information to process your order. We use this information to manage the event and your attendance by sending you email and SMS (if you provide a mobile number) confirmations and reminders about the event and any replays which are available. For some events we may invite you to complete optional surveys to either help us tailor the event beforehand or get feedback from you after the event is over.

The information you provide will be transferred to our Webinar platform provider where we use analytics to help measure the effectiveness of our webinars e.g. record whether you attend the event and how long you attended for. We also store your information in our CRM where it may be combined with publicly available information about you or the organisation you represent (such as that from LinkedIn or Companies House) and your communications with us. This combined picture will be used to help identify which of our services may be of interest to the organisation you represent; so, yes, we may market to you but only in your professional capacity and only in a targeted way once we know more about how our services may be of benefit to the organisation you represent. Above all, we promise to stop when you tell us to.

Please see our Website Privacy Notice for more information.
