Protect the personal data you hold

We have services that can get you on top of the compliance mountain

Data Protection Advisory Services

Our Approach

To provide you with the greatest flexibility in picking the help you need, we’ve broken our services into three levels:

Gyding Hand Starter Pack: Because flexibility and choice can still be difficult to fathom, we have put together a basic package of services to just get you going.  This is a fixed price with clear deliverables to get you on the road to compliance.

Advisory: Usually half a day for each aspect of compliance, we provide a contact to answer your questions as you work through your own compliance plan. This would suit the organisation that has the capacity to handle the workload, but needs help understanding what is needed.
Supporting: This level of support generally starts at one day per aspect of compliance. We would take a more involved role in the activity, providing training and advice and bolstering your capacity. This provides for those that need more than pure advice with some hands-on resource.
Greater Depth: With this type of support you get a skilled resource who can work with your team to do what is necessary to move you towards compliance.  If your organisation is lacking the available resources to get through the workload, this is for you.

Gyding Hand Starter Pack

Initial Assessment: A complete day of dedicated, specialist advisory support to get you started on your GDPR journey. This would include support in completing the Gydeline assessment tool and completing a more detailed gap analysis of the current compliance status of your business.
Awareness & Training: Training is a mandatory requirement of GDPR and we would provide a bespoke half day of training for key people within your organisation.
GDPR Project Plan: We will work with you to produce a plan for your organisation to become GDPR compliant. We will bring ideas and best practice and merge this with the specific needs and circumstances of your organisation.
Data Protection Impact Assessment: Provision of process and templates to show you how to complete your impact analysis. In addition, we will spend half a day completing initial DPIA(s) with you.
Supplier/Contract Review: Half day review of existing relationships and any personal data impacts. Review of contracts to ascertain if required GDPR elements are present.
Templates: Provision of a set of standard templates and processes to get you started on the GDPR journey.

Advisory Services Description

A brief description of the services available at each level.

Advisory

Initial Assessment: Support in completing the Gydeline tool assessment
Awareness & Training: Provide outline recommendation on awareness and training approach.
Data Mapping: Advice on the creation, documentation, storage and update of data mapping
Public Communications: Provide and recommend approaches to key public documents (e.g. privacy notice, policies)
Rights: Advice on which rights need to be enabled and the supporting processes/systems which are required
Consent: Advice on consent approach, requirements and best practice.
Impact Assessment: Assessment of current Data Protection Impact Assessment (DPIA) and Risk position. Advise on process and approach.
Transfers: Advice on transfer approach and key mitigations
Breaches: Advice on Breach requirements and implications
Documentation: Sample document approaches and templates provided and discussed
Monitoring: Advice on the ongoing monitoring requirement and supporting document/system requirements
Measures: Guidance on all measures and how they should be implemented
Planning: Work with outputs from Gydeline to create outline plan for GDPR compliance
Project Management: Advice on establishing a project process for compliance implementation

Supporting

Initial Assessment: (See Advisory Services)
Awareness & Training: Provide outline recommendation on awareness and training approach.
Data Mapping: Review existing maps and systems and recommend mapping details, clarification and documentation improvements
Public Communications: Review existing/drafted notices and policies and recommend required updates
Rights: Review key processes (e.g. Subject Access Requests) and ensure they are fit for purpose, meeting all rights requirements
Consent: Review existing consents and process for ensuring correct consent is obtained
Impact Assessment: Review of completed DPIA, recommendations and updates
Transfers: Review (alongside data maps) information locations and vulnerabilities
Breaches: Provide sample breach documents/reports and review existing breach processes
Documentation: Review of existing document set and advice for completion/updates
Monitoring: Detailed review of ongoing outputs and processes
Measures: Review the implementation state of all measures
Planning: Working with your business, create a more targeted prioritised plan with a set of metrics and outputs
Project Management: Working with your project manager to establish processes in your organisation

Greater Depth

Initial Assessment: (See Advisory Services)
Awareness & Training: Provide specific training to areas of the business focused on key areas of GDPR applicable to them
Data Mapping: Map key systems and provide outputs back to the business
Public Communications: Write draft notices for approval. Make legal introductions if required. Review legal basis.
Rights: Detailed review of supporting IT systems and processes to ensure all rights can be enacted
Consent: Refinement and changes to specific consent collection processes and review/recommendation of strategy for records maintenance.
Impact Assessment: Completion of DPIA for key identified business areas
Transfers: Provide detailed plan and options for safeguarding or migration of data as required.
Breaches: Work to identify how systems management and monitoring can support breach requirements.
Documentation: Creation of key documents and adjustment of templates to match the organisation's standards
Monitoring: Sample “supervisory authority investigation” to test outputs available in correct formats
Measures: Work with the business to create detailed implementation plans for all required measures.
Planning: Create a full plan for achieving GDPR compliance – plan to include identification of those areas where compliance is likely to be difficult to achieve within initial plan
Project Management: Management of defined plan and resources, including a monthly board meeting

Let Gydeline simplify your compliance needs

Contact us today and start your compliance journey