Services

Our team collaborates across social science and technology, to bring insights from each to capture the benefits of data-driven innovation. We create knowledge and tools that empower our clients to transform research into innovation and innovation into impact.

Data Governance

Trilateral’s data governance services support organisations to navigate the latest regulations with confidence to maintain their high reputational standards and preserve trustworthy relationships with their clients and partners

Read more here

Research

Impact assessments

Impact assessments provide an opportunity for organisations to explore, assess, analyse and potentially mitigate a wide range of risks in relation to new information and data systems. Our staff are GDPR certified and have a deep understanding of GDPR compliance. We do not follow a ‘one size fits all’ approach, rather we tailor our solutions according to the needs of the client. Our assessments include: Privacy Impact Assessment, Data Protection Impact Assessment, Ethical Impact Assessment and Socio-Economic Impact Assessment.

Privacy-by-design support

We use a range of tools to provide privacy-by-design support services for clients looking to ensure compliance with the GDPR or responsible innovation principles. We asses user requirements, design specifications and deployment plans to embed privacy protections into new or existing systems. We work directly with technology developers and end users in agile development methodologies, providing privacy and data protection advice at every step. The result is a technology that is legally compliant and socially acceptable to users, allowing our clients to lead the way in privacy-protective innovations.

Technology assessment

The appropriate uptake of new and emerging technologies is essential for achieving impact. We assess existing and emerging technologies, taking the position that technology alone cannot be relied upon to deliver a service. We support our clients in all stages of the technology development and uptake process, including: domain mapping, gap analysis, market impact assessment, identifying user requirements and establishing scenarios for development, benchmarking and performance assessment, user experience and social acceptability. Our assessments facilitate responsible research and innovation, ensuring that technology design, implementation and use is conducted to optimise the use of technologies.

Applied research & evaluations

We provide a range of applied research and evaluation. Our portfolio includes multidisciplinary expertise in social and political science, law and human rights, technology studies, economics, computer science and engineering. Our approach combines technological innovation with a social perspective. We provide historical insights as well as looking towards the future and potential trends. We are experienced in providing primary and secondary research expertise, including qualitative and quantitative research methodologies. In supporting research and innovation activities, we offer bespoke support in conducting and enhancing ethical research practices.

Policy & regulatory advice

Our clients operate within a complex policy and regulatory framework. We assist private and public sector clients to monitor, interpret and comply with the political and regulatory environments in which they operate, and thereby shape their operations accordingly. We also support clients by conducting impact analyses across all affected stakeholders to develop new institutional or government policies, regulations and standards, and identify best practices and knowledge transfer under existing regulatory regimes.

Marketing & business model development

Bringing a product to the market requires a set of complementary services in innovation management. First, potential clients need to know that a product exists. Second, enterprises need a business model to make their product attractive to users and enable them to effectively commercialise their product. Our expert team provides digital marketing services for security, ICT, smart cities and green technologies. We also create and implement business models for new technologies developed in the private and public sectors. Combined, these allow our clients to transform innovation into impact for their products and their businesses.

Technology Development

STRIAD® Solutions

Trilateral’s technology is designed to break data silos to gain broader insights which lead to efficient and evidence based-decisions.​

Read more here

Outsourced DPO

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Serve as your DPO

Company name and contact details transmitted to the ICO Company name and contact details available to:
  • Management
  • Employees
  • Data subjects
Article reference: 37

Contact point for data subjects

  • Contact data accessible on the websites and privacy notices
  • Function as the main public contact point (email & post)
  • Guide your organisation on the possible sources of data access requests.
Article reference: 38(4)

Contact point for Data Protection Authorities
(e.g. ICO)

Liaise with the ICO in case of issues with data subjects and data breaches.
Article reference: 39(1)(d), 39(1)(e), 36

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/skype) and report

Discussion and report
Every 6 months
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry on data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Oversee the establishment and maintenance of the Record of Processing Activities

  • Contact point for the designated employee
  • Guidance on the Record, including provision of check-lists, best practices, and methodological advice
Article reference: 39

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Contact point for the ICO
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email and telephone assistance

-
Article reference: -

Bespoke notifications to management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Training seminar on the developments of data protection law and policy

-
Article reference: -

Review of the consistency of the internal documents concerning data processing practices

Cross-check of the consistency of the internal documents
Article reference: 39(1)(b)

Weekend and holidays data breach guidance

Data breach guidance during the weekends and holidays
Article reference: -

DPO Assist

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities.
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/skype) and report

Discussion and report
Annually
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve.
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry on data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email abd telephone assistance

-
Article reference: -

Bespoke notifications to the top management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Compliance Support

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Data Mapping

Map the data flows within your organisation to better understand how personal information flows between departments

Data Protection Impact Assessments

Where required by the GDPR or national law, conduct or review DPIAs using our library of good practices
Article reference: 35

Consent and Privacy Notice Requirements

Revise and improve consent and privacy notices to meet transparency and accoutnability requirements

Gap Analysis

Identify gaps in your organisation's compliance with the GDPR, national data protection legislation or sectoral legislation

Data Protection Audit

Audit your organisation's activities to assess your compliance with applicable data protection law

Data Protection-by-design and -default

Work with your technical and admin teams to operationalise Data Protection-by-design and -default, using established good practice
Article reference: 25

Training

We offer general, role-based (e.g., HR) and activity based (e.g., DPIA) training. All our training materials are designed to be accessible to non-experts and easy to use

General compliance support

Support for creating required documentation, including, but not limited to Records of Processing activities, Data retention (and deletion) schedules, Personal Data Breach procedures, Subject Access Request procedures, Training materials, Legitimate Interest Assessments, etc.)

‘Risk Assessment Report and Methodology’

You can view the Executive Summary and Table of contents of the Project Solebay Risk Assessment Methodology Report.

Please sign up to the Solebay mailing list to download the Full Solebay project report.