Law firm fined £60,000 by ICO following cyber attack
The ICO have announced that law firm DPP Law Ltd have been fined £60,000 following a cyber attack in June 2022 that led to sensitive and personal data being published on the dark web.
We identify the areas that need improvement.
We work with you to close the gap.
We provide an outsourced DPO for ongoing support.
We deliver comprehensive staff training.
Our mission is to help organisations with privacy guidance and data protection compliance with zero-fuss – giving you the power to do more!
We aim to seamlessly integrate with your organisation to provide expert-driven compliant solutions, enabling you to keep personal data safe and secure so your customers can trust you.
The General Data Protection Regulation (GDPR) applies to every organisation in the UK that handles or processes personal data.
Under GDPR, individuals have increased rights regarding their personal information, including the right to access, correct, and delete their data. Organisations that handle personal data must ensure it is collected legally and under strict conditions, and they are obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners.
Pre-assessment
We learn everything about your business and process during an initial assessment.
Department one-to-ones
We hold meetings with department heads to discuss personal data used in their team.
Senior team
Discussion with a senior staff member to understand the “office floor privacy culture” if required.
Reporting
We complete a detailed report of our findings in traffic light format – with an Executive Summary.
Roadmap
A Roadmap to compliance will be delivered with our report.
General Data Protection Regulation
It came into force across the EU on 25th May 2018.
It affects any business or organisation that processes and holds personal data of individuals residing in the EU.
No matter what your size, if you have a website, clients, suppliers, or employees, then you will hold personal data… so the GDPR applies to you.
Personal data is any information that relates to an identifiable living person. Names, email addresses, telephone numbers and even cookies from websites fall into this category.
Sensitive data, or “special category” data, refers to data that uniquely identifies a person – this could include genetic and biometric data (i.e. fingerprints), sexual health data, race and ethnicity information.
The UK refers to the Data Protection Act 2018 and the GDPR together. While the GDPR is the main document for reference, there are certain instances where the DPA2018 takes precedence – such as matters of national security.
The UK left the EU on the 31st January 2020 and the DPA2018 became our sole data protection framework – and is the law, not a choice.
Further details: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/12/data-protection-and-brexit-ico-advice-for-organisations/
While there are a few exemptions, most businesses that process personal data must register with the ICO. Failure to do so can lead to a fine.
Fines are now tiered, depending on the severity of your failure to comply. The maximum fine is 4% of global turnover, or €20m, whichever is greater. Less severe violations can receive a fine of 2% of global turnover, or €10m.
If you are a public authority, or your main business focus involves the large-scale processing of data, or special categories of data, then you may be required by law to appoint a DPO.
No – but you must keep an internal record of all data breaches. If the breach is unlikely to result in a serious risk to the rights and freedoms of the individuals, then the breach should be reported to the ICO within 72 hours of being discovered – and the individuals affected without undue delay.
A data breach is any unauthorised or illegal destruction, loss, alteration, or access to personal data. That may include sending an email to the wrong person, or losing your laptop, mobile phone or USB stick!
Following a strategic review of our data protection provision across the Trust, we appointed PRIVACY HELPER as our outsourced Data Protection Officer. As part of the engagement, they have provided invaluable advice, support and operational maturity to our privacy program. The team communicate really well and are incredibly responsive to both ad-hoc and urgent requests and deal with issues that arise in a way that provides an outstanding level of assurance.
With dedicated support and encouragement, PRIVACY HELPER have ensured that over time, the Trust and our staff are empowered to make better decisions about how we process personal data and their efforts have reduced the fear and complexity around compliance with data protection law.
iCabbi hand-picks partners to offer value-added business services to complete our end-to-end offering to taxi companies. With companies required to demonstrate compliance with GDPR, we are delighted to welcome PRIVACY HELPER – a top UK data protection consultancy – as an iCabbi partner, providing specialist GDPR guidance to all our European fleets.
We engaged with PRIVACY HELPER for our outsourced DPO Service when GDPR came into force – and the team integrated themselves with the business at all levels – demonstrating an understanding of the gambling industry legislation, as well as data protection. They offer clear and pragmatic advice when speaking to staff – and have helped us establish internal processes which protect the business from unnecessary privacy risks. We would have no hesitation in recommending their outsourced data protection services to other organisations.
We were delighted to have Andy Chesterman of PRIVACY HELPER host a recent webinar for us on ‘Marketing Compliantly’. Andy’s knowledge and insight of the subject is invaluable and is relevant for all businesses big and small.
We work hard to comply with the GDPR, and we needed a specialist that we could contact to ask random questions on the subject – and the GDPR Support Service offered by PRIVACY HELPER was a perfect fit.
The PRIVACY HELPER Team know our business model, so are able to respond swiftly to our questions – and in a way the business can interpret. We would have no hesitation in recommending this Support Service to other small companies keen to embrace data protection.
The PRIVACY HELPER Team have been instrumental in helping us to understand our obligations as data controllers – from conducting our initial GDPR GAP Analysis back in 2018, to responding to data subject queries as they have arisen. The team are clearly passionate about data protection and we’ll be relying on their expertise to further support our growth – we can’t recommend them highly enough.
As with our ethos, our pricing structure is simple, straightforward and highly competitive – you only pay for the time we work! Here are some of our popular services and packages.
GDPR GAP Analysis is billed at £150 per hour.
We offer GDPR GAP Analysis to suit your risk appetite and budget. This ensures the gaps in your compliance are addressed in a timely manner.
GDPR Compliance Projects are billed at £150 per hour.
Based on your PRIVACY HELPER GDPR Gap Analysis or an initial Discovery, the objective of a PRIVACY HELPER Compliance Project is to create an effective Data Protection Framework by addressing identified areas of non-compliance.
Outsourced Data Protection Officer (DPO): £595 a month for a typical SME service.
Managing an effective Data Protection Compliance Framework and upholding Data Protection obligations requires an expert knowledge of relevant laws, best practices and GDPR-related Risk.
The Information Commissioner’s Office have confirmed that software provider Advanced Computer Software Group Ltd (Advanced) have been fined £3 million over security failings that in…
The Government announced the introduction of the Data (Use and Access) Bill (DUA Bill) in the House of Lords on 23rd October 2024 – the first…
A Bedford-based security expert (PRIVACYHELPER) has raised concerns over the planned use of facial recognition software by Bedfordshire Police at this weekend’s River Festival.