DCS
Data protection by design, GDPR, privacy
Combating child exploitation with ethically designed technology
Government services throughout the UK gather more data than the various agencies can process, leaving them wondering who might be slipping through the cracks from the lack of ability to ...
Water sucurity
Preventing and mitigating water insecurity
The WHO and UNICEF reported in 2019 that at least 2.2 billion people around the world lack safe drinking water. Despite this, these threats are often presented as a distant ...
CURSOR H2020 project
Developing innovative tools for improved search and rescue operations
In the face of natural or man-made disaster, urban search and rescue teams and other first responders like police, medical units or civil protection race against the clock to locate ...
Fairness in Algorithms
Bias in machine learning: How to measure fairness in algorithms?
ProPublica, a nonprofit media organisation, published a seminal article in 2016, entitled Machine Bias. In this piece, they claim that the risk assessment software used by the US judiciary to ...
Populist narratives
Analysing “populist” narratives – what are the ethical and social implications?
With the rise of populist parties in Europe over the past few years, the question of populism has gained much interest from researchers seeking to better understand the specificity of ...
GDPR training
Developing GDPR training materials for data protection authorities
We are delighted to introduce the STAR GDPR training material. As a result of the collaboration between the Law, Science, Technology & Society research group at VUB (https://lsts.research.vub.be/), the Hungarian ...
Human security
A people-centred approach to military planning: why it matters
Preparing for and responding to today’s dynamic conflicts and complex crises requires military planners to develop a strong and deep understanding of the range of threats that affect the security ...
Ethics and the digital society
Ethics in the digital society
We are delighted to announce that David Wright will be giving a lecture on Ethics in the digital society on 28 November 2019. The lecture will take place in Paris ...
The GDPR: A business imperative
The GDPR: A business imperative
In this article, we look at what it means to be GDPR compliant and the benefits of doing so. Referring to the latest study carried out by the European project ...
Recruitment, Retention and Career Progression of Women in Academia
Recruitment, Retention and Career Progression of Women in Academia
We are delighted to announce that GEARING-Roles is organising its first project annual conference, which will be taking place on the 27 November 2019 at the University of Lisbon in Portugal ...
COPKIT project
Join the Ethical and Societal Impact Advisory Board of the COPKIT project
Trilateral and COPKIT partners are now looking for new members to join its Ethical and Societal Impact Advisory Board (ESIAB) to support the project’s development in addressing ethical, legal and ...
EERAdata, Energy efficiency
Prioritising investments in energy efficiency
The lack of the overall understanding of the impact of energy-efficient investments has made it difficult for policymakers to integrate it into their policymaking process. There is a need to ...
Drones GDPR
Privacy, data protection and drone operations: the new EASA Guidance
Trilateral’s DroneRules PRO materials on privacy and data protection have been included in official European Aviation Safety Agency Guidance to assist the drone industry to comply with the new EU ...
PREFET Trendington
A European Discussion Around the Hottest Trends in Science and Technology
We are delighted to announce that the PREFET project team is organising the Trendington event, that will take place in Madrid, Spain, on November 13 and 14, 2019. The PREFET ...
Vulnerable, human trafficking
What are the factors that make individuals vulnerable to human trafficking?
At Trilateral Research we take pride in our work and research in the human trafficking and migration fields. Following the recent incident in Essex where 39 alleged migrants of Vietnamese origin, ...
ROXANNE project, criminal network analysis
Developing new technologies to speed up criminal network analysis
Trilateral Research joins LEAs, industry and researchers from 16 countries to develop a novel platform combining advances of speech, language and video technologies and criminal network analysis for supporting investigators ...
Cybersecurity Risk_Data Protection Compliance_resized
Cybersecurity Risk and Data Protection Compliance
A recent article by Boston Consulting Group outlined how organisations should assess cybersecurity risks in order to target spending on the risks most likely to have a significant financial impact ...
Drones data privacy online course
Training sessions for drone professionals – Online Data Privacy Course
On 25 September 2019, Trilateral conducted, in cooperation with RoboAcademy, a DroneRules PRO training session at the Faculty of Aerospace Engineering TU Delft in the Netherlands. This was the final ...

Outsourced DPO

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Serve as your DPO

Company name and contact details transmitted to the ICO Company name and contact details available to:
  • Management
  • Employees
  • Data subjects
Article reference: 37

Contact point for data subjects

  • Contact data accessible on the websites and privacy notices
  • Function as the main public contact point (email & post)
  • Guide your organisation on the possible sources of data access requests.
Article reference: 38(4)

Contact point for Data Protection Authorities
(e.g. ICO)

Liaise with the ICO in case of issues with data subjects and data breaches.
Article reference: 39(1)(d), 39(1)(e), 36

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/skype) and report

Discussion and report
Every 6 months
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry on data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Oversee the establishment and maintenance of the Record of Processing Activities

  • Contact point for the designated employee
  • Guidance on the Record, including provision of check-lists, best practices, and methodological advice
Article reference: 39

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Contact point for the ICO
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email and telephone assistance

-
Article reference: -

Bespoke notifications to management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Training seminar on the developments of data protection law and policy

-
Article reference: -

Review of the consistency of the internal documents concerning data processing practices

Cross-check of the consistency of the internal documents
Article reference: 39(1)(b)

Weekend and holidays data breach guidance

Data breach guidance during the weekends and holidays
Article reference: -

DPO Assist

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities.
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/skype) and report

Discussion and report
Annually
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve.
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry on data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email abd telephone assistance

-
Article reference: -

Bespoke notifications to the top management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Compliance Support

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Data Mapping

Map the data flows within your organisation to better understand how personal information flows between departments

Data Protection Impact Assessments

Where required by the GDPR or national law, conduct or review DPIAs using our library of good practices
Article reference: 35

Consent and Privacy Notice Requirements

Revise and improve consent and privacy notices to meet transparency and accoutnability requirements

Gap Analysis

Identify gaps in your organisation's compliance with the GDPR, national data protection legislation or sectoral legislation

Data Protection Audit

Audit your organisation's activities to assess your compliance with applicable data protection law

Data Protection-by-design and -default

Work with your technical and admin teams to operationalise Data Protection-by-design and -default, using established good practice
Article reference: 25

Training

We offer general, role-based (e.g., HR) and activity based (e.g., DPIA) training. All our training materials are designed to be accessible to non-experts and easy to use

General compliance support

Support for creating required documentation, including, but not limited to Records of Processing activities, Data retention (and deletion) schedules, Personal Data Breach procedures, Subject Access Request procedures, Training materials, Legitimate Interest Assessments, etc.)

‘Risk Assessment Report and Methodology’

You can view the Executive Summary and Table of contents of the Project Solebay Risk Assessment Methodology Report.

Please sign up to the Solebay mailing list to download the Full Solebay project report.