Risk communication strategies in the context of COVID-19
Risk communication strategies in the context of COVID-19
Since the beginning of the COVID-19 outbreak we have repeatedly been reminded of the important role that effective risk communication plays in response and recovery. The absence of a vaccine ...
Helping SMEs better cope with the GDPR
Helping SMEs better cope with the GDPR
As part of the STAR II project, TRI has been working on better understanding how small and medium enterprises (SMEs) have coped with the GDPR, and the challenges they have ...
The practice of ethics at Trilateral: How we make ethics meaningful in technology design, policy and research
The practice of ethics at Trilateral: How we make ethics meaningful in technology design, policy and research
At Trilateral, we strive for an approach that puts ethics into action, by grounding it in our work in technology development, governance, and beyond.  To celebrate the Global Ethics day ...
How to keep COVID-19 temperature checks privacy compliant
How to keep COVID-19 temperature checks privacy compliant
In order to protect staff, customers and visitors from exposure to COVID-19, many businesses and organisations are installing temperature checking systems to monitor individuals when on-site. It is important, however, ...
Advancing Standardisation and Interoperability for Effective Crisis Management
Advancing Standardisation and Interoperability for Effective Crisis Management
Trilateral Research joins twenty-two partners from across the EU in the newly launched three-year Horizon 2020 STRATEGY project to improve the interoperability of crisis management systems, tools and operational procedures ...
Ransomware attacks in healthcare on the rise
Ransomware attacks in healthcare on the rise
The threat of ransomware is rapidly evolving in not only sophistication but prevalence. Most recently, details have come to light, exposing the extent of the ransomware attack against US-based Magellan ...
Blockchain Technologies and Cryptocurrencies: Join EUNOMIA’s Pilot
Blockchain Technologies and Cryptocurrencies: Join EUNOMIA’s Pilot
The EUNOMIA project is hosting its first pilot in the form of a competition, between October 5 and October 14, 2020. The competition will give participants a chance to differentiate ...
Behavioural Science – why do people do what they do?
Behavioural Science – why do people do what they do?
What is Behavioural Science? It is the science of understanding how people behave,  their motivations and attitudes including both their rational and irrational behaviours. It allows us to gain a ...
‘Developing an operational MACE model to enhance Lincolnshire’s multi-agency response to safeguarding exploited children’ - interview with Detective Inspector Reid Martin from Lincolnshire Police
‘Developing an operational MACE model to enhance Lincolnshire’s multi-agency response to safeguarding exploited children’ – interview with Detective Inspector Reid Martin from Lincolnshire Police
What does your role involve in Lincolnshire Police? I am a Detective Inspector, managing areas of ‘vulnerability’.  I am the Police safeguarding hub manager, responsible for managing Public Protection Notification ...
Supporting international medical responses during the COVID-19 pandemic: the NO-FEAR network
Supporting international medical responses during the COVID-19 pandemic: the NO-FEAR network
When the NO-FEAR project was launched in 2018, the large-scale threats it expected to address involved security-related incidents such as terrorism, including Chemical, Biological, Nuclear, and Radiation (CBRN) incidents. Dangers ...
AI in healthcare: paving the way with standardisation
AI in healthcare: paving the way with standardisation
AI has become one of the top strategic priorities and a key driving force of economic growth. The potential of this game-changing technology in the healthcare sector will make a ...
Rights to privacy and data protection - Reiterating the basics and busting a few myths for managers
Rights to privacy and data protection – Reiterating the basics and busting a few myths for managers
It has been a significant few weeks for data protection with the latest ruling from the European Court of Justice. After seven years of debate and legal action (Hannah Kuchler, ...
Adopting voice-to-text technologies for social good
Adopting voice-to-text technologies for social good
Imagine a world where we can focus on the people that need us and automate the fiddly tasks that often get in the way? A possible solution The last two ...
Law and ethics, not law or ethics: comments to the UNESCO recommendations on the ethics of artificial intelligence
Law and ethics, not law or ethics: comments to the UNESCO recommendations on the ethics of artificial intelligence
On July 31, 2020, Trilateral Research provided feedback to United Nations Educational, Scientific and Cultural Organisation (UNESCO) as part of a public consultation on its draft Recommendation on the ethics ...
Protecting the water sector from cyber-security risks
Protecting the water sector from cyber-security risks
Water services are increasingly finding new pathways to reduce water insecurity, through technical and organisational innovations. ‘Smart city’ measures, such as interconnected sensor technologies, deployment of drones, and the collection ...
DPO for clinical trials: Protect participants’ data privacy throughout the clinical trial lifecycle
DPO for clinical trials: Protect participants’ data privacy throughout the clinical trial lifecycle
Clinical trials are research studies performed on people that are aimed at evaluating a medical, surgical or behavioural intervention. Clinical trials recruit participants whose personal and health data is analysed ...
Adopting an evidence-based approach to support adolescent mental health
Adopting an evidence-based approach to support adolescent mental health
In this interview, we discuss the new Guy’s and St Thomas’ Charity programme dedicated to support adolescent mental health. Tamsyn Roberts, Programme Director, and Rob Parker, Head of Data Analytics, ...
What are the Hottest Trends in Science and Technology?
What are the Hottest Trends in Science and Technology?
Working alongside our partners in the PREFET project, Trilateral support researchers in early detection of promising ideas accelerating the kick-off of their development thus increasing the probabilities of becoming successful ...

Outsourced DPO

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Serve as your DPO

Company name and contact details transmitted to the ICO Company name and contact details available to:
  • Management
  • Employees
  • Data subjects
Article reference: 37

Contact point for data subjects

  • Contact data accessible on the websites and privacy notices
  • Function as the main public contact point (email & post)
  • Guide your organisation on the possible sources of data access requests.
Article reference: 38(4)

Contact point for Data Protection Authorities
(e.g. ICO)

Liaise with the ICO in case of issues with data subjects and data breaches.
Article reference: 39(1)(d), 39(1)(e), 36

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/skype) and report

Discussion and report
Every 6 months
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry on data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Oversee the establishment and maintenance of the Record of Processing Activities

  • Contact point for the designated employee
  • Guidance on the Record, including provision of check-lists, best practices, and methodological advice
Article reference: 39

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Contact point for the ICO
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email and telephone assistance

-
Article reference: -

Bespoke notifications to management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Training seminar on the developments of data protection law and policy

-
Article reference: -

Review of the consistency of the internal documents concerning data processing practices

Cross-check of the consistency of the internal documents
Article reference: 39(1)(b)

Weekend and holidays data breach guidance

Data breach guidance during the weekends and holidays
Article reference: -

DPO Assist

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities.
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/skype) and report

Discussion and report
Annually
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve.
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry on data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email abd telephone assistance

-
Article reference: -

Bespoke notifications to the top management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Compliance Support

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Data Mapping

Map the data flows within your organisation to better understand how personal information flows between departments

Data Protection Impact Assessments

Where required by the GDPR or national law, conduct or review DPIAs using our library of good practices
Article reference: 35

Consent and Privacy Notice Requirements

Revise and improve consent and privacy notices to meet transparency and accoutnability requirements

Gap Analysis

Identify gaps in your organisation's compliance with the GDPR, national data protection legislation or sectoral legislation

Data Protection Audit

Audit your organisation's activities to assess your compliance with applicable data protection law

Data Protection-by-design and -default

Work with your technical and admin teams to operationalise Data Protection-by-design and -default, using established good practice
Article reference: 25

Training

We offer general, role-based (e.g., HR) and activity based (e.g., DPIA) training. All our training materials are designed to be accessible to non-experts and easy to use

General compliance support

Support for creating required documentation, including, but not limited to Records of Processing activities, Data retention (and deletion) schedules, Personal Data Breach procedures, Subject Access Request procedures, Training materials, Legitimate Interest Assessments, etc.)

‘Risk Assessment Report and Methodology’

You can view the Executive Summary and Table of contents of the Project Solebay Risk Assessment Methodology Report.

Please sign up to the Solebay mailing list to download the Full Solebay project report.