Is Your Organisation A Public Authority Under the GDPR?
Is Your Organisation A Public Authority Under the GDPR?
One of the key elements to consider when assessing whether your organisation needs to appoint a Data Protection Officer (DPO), is to determine whether it will be regarded as a ...
extreme scale analytics, big data, data science
Data Science Frontiers – Capturing the benefits of “extreme scale” analytics
Extreme scale analytics is characterised by a data volume, variety or velocity well beyond traditional “big data” measures, which require new computing skills and tools able to organise and analyse ...
New technology for homelessness prevention
Can new technology help local authorities to prevent homelessness?
Homelessness has become an escalating problem in the UK. According to Shelter 307,000 people are sleeping rough or accommodated in temporary housing across the UK and this number is set ...
Trilateral Research's Data Protection Officer service
These six organisations are considering appointing a DPO – and yours?
It is advisable that all organisations, regardless of size and geographic location, duly assess whether they need to appoint a Data Protection Officer (DPO). In our previous article we illustrated ...
data assessment for protecting vulnerable persons, public authority support
Assessing your data makes you more efficient in protecting vulnerable persons
Digital transformation can simplify and make processes more efficient, enabling local authorities and the public sector to assist citizens and those most vulnerable in society better. In the UK Government’s ...
DPO service to comply with GDPR
Data Protection Officer: what is it and – most importantly – do you need one?
Data Protection Officer: what is it and – most importantly – do you need one? Organisations in Europe and abroad are preparing for 25 May 2018, the day on which ...
digital transformation for the public sector, clarity project
Digital transformation for the public sector: The case for National Health Services
Public authorities across Europe are under pressure to maintain and improve the quality of public services despite austerity cuts and demographic changes, which see an ageing population requiring increasing health ...
DEVELOP Ethical, Legal and Social Impact Assessment
Assessing the Ethical, Legal and Social Impacts of new technologies: the DEVELOP project case study
Trilateral’s interdisciplinary team is made of data scientists, computer scientists, social scientists and ethical and legal experts who develop, test and implement technologies that pay attention to ethical, legal and ...
technology assessment for GDPR implementation
Part IV. Are you a public or private organisation assessing your technology for the GDPR?
In this fourth part of our series on the technology assessment required for the GDPR implementation, we are looking into access procedures, policy, and legal contracts. Within this series, we ...
The ResiStand Final Conference: boosting disaster resilience through standardisation
The ResiStand Final Conference: boosting disaster resilience through standardisation
ResiStand is a a two-year project (May 2016 - April 2018) that aims to identify new ways to improve the crisis management and disaster resilience capabilities of the European Union ...
Combining technology and social sciences for sustainable innovation
Combining technology and social sciences for sustainable innovation
Trilateral Research’s integrated approach combines technology and social sciences to deliver sustainable impact. In fact, our interdisciplinary team is made of data scientists, computer scientists, social scientists and ethical and ...
Part III. Are you a public or private organisation assessing your technology for the GDPR?
Part III. Are you a public or private organisation assessing your technology for the GDPR?
In this third part of our series on the technology assessment required for the GDPR implementation, we are looking into access control and security. Within this series, we have shared ...
Assessing the Privacy and Ethical Impacts of new technologies, RAMSES project
Assessing the Privacy and Ethical Impacts of new technologies: the RAMSES project case study
With expertise in privacy, data protection and ethics, Trilateral support responsible innovation and the operationalisation of privacy and data protection. A prime example of our work in this area is ...
What impact will new technologies have on our lives? Job losses or new opportunities?
What impact will new technologies have on our lives? Job losses or new opportunities?
Trilateral Research’s SIENNA team is researching the social, economic and environmental impacts of new technologies. As part of the SIENNA project (a Horizon 2020 project funded by the European Union), ...
Part II. Are you a public or private organisation assessing your technology for the GDPR?
Part II. Are you a public or private organisation assessing your technology for the GDPR?
In this series, Trilateral Research analyses key risk assessment areas for the GDPR implementation. This second week, we are looking into the assessment of data storage, retention, and deletion.  This ...
Developing privacy enhanced technology, community policing
Developing privacy enhanced technology: The INSPEC2T project case study
Whilst we can gain great benefits from innovative technologies that are enabling society to generate and process vast amounts of data, regular reports of privacy and customer data breaches remind ...
GDPR compliance
Part I. Are you a public or private organisation assessing your technology for the GDPR?
At Trilateral Research, we have worked with several organisations within the public and private sector to assess their current technology for the GDPR. In this series, our technical team will ...
AI ethics, foresight and ethics by design: Digital Ethics Summit
AI ethics, foresight and ethics by design: Digital Ethics Summit
The Digital Ethics Summit held in December 2017 focussed on AI ethics, foresight and ethics by design. The messages coming out of the summit are highly relevant for everyone who ...

Outsourced DPO

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Serve as your DPO

Company name and contact details transmitted to the ICO Company name and contact details available to:
  • Management
  • Employees
  • Data subjects
Article reference: 37

Contact point for data subjects

  • Contact data accessible on the websites and privacy notices
  • Function as the main public contact point (email & post)
  • Guide your organisation on the possible sources of data access requests.
Article reference: 38(4)

Contact point for Data Protection Authorities
(e.g. ICO)

Liaise with the ICO in case of issues with data subjects and data breaches.
Article reference: 39(1)(d), 39(1)(e), 36

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/skype) and report

Discussion and report
Every 6 months
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry on data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Oversee the establishment and maintenance of the Record of Processing Activities

  • Contact point for the designated employee
  • Guidance on the Record, including provision of check-lists, best practices, and methodological advice
Article reference: 39

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Contact point for the ICO
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email and telephone assistance

-
Article reference: -

Bespoke notifications to management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Training seminar on the developments of data protection law and policy

-
Article reference: -

Review of the consistency of the internal documents concerning data processing practices

Cross-check of the consistency of the internal documents
Article reference: 39(1)(b)

Weekend and holidays data breach guidance

Data breach guidance during the weekends and holidays
Article reference: -

DPO Assist

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities.
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/skype) and report

Discussion and report
Annually
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve.
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry on data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email abd telephone assistance

-
Article reference: -

Bespoke notifications to the top management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Compliance Support

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Data Mapping

Map the data flows within your organisation to better understand how personal information flows between departments

Data Protection Impact Assessments

Where required by the GDPR or national law, conduct or review DPIAs using our library of good practices
Article reference: 35

Consent and Privacy Notice Requirements

Revise and improve consent and privacy notices to meet transparency and accoutnability requirements

Gap Analysis

Identify gaps in your organisation's compliance with the GDPR, national data protection legislation or sectoral legislation

Data Protection Audit

Audit your organisation's activities to assess your compliance with applicable data protection law

Data Protection-by-design and -default

Work with your technical and admin teams to operationalise Data Protection-by-design and -default, using established good practice
Article reference: 25

Training

We offer general, role-based (e.g., HR) and activity based (e.g., DPIA) training. All our training materials are designed to be accessible to non-experts and easy to use

General compliance support

Support for creating required documentation, including, but not limited to Records of Processing activities, Data retention (and deletion) schedules, Personal Data Breach procedures, Subject Access Request procedures, Training materials, Legitimate Interest Assessments, etc.)

‘Risk Assessment Report and Methodology’

You can view the Executive Summary and Table of contents of the Project Solebay Risk Assessment Methodology Report.

Please sign up to the Solebay mailing list to download the Full Solebay project report.