In addition to the services advertised on our website, we provide many more consultancy services in the field of data protection. We can also help you with:
The public can ask public authorities to release recorded information which is held by those authorities. Such requests can be made under a variety of Freedom of Information legislation. Public authorities are required to assess the request made by person and then respond accordingly.
However, not all requests are reasonable, proportionate, or require a full response. Information Governance Services has extensive Public Authority experience in responding to freedom of information requests, standard operating procedures for dealing with requests as well as internal reviews associated with those freedom of information requests.
Whatever your freedom of information needs are, we can help you.
People have the right to ask an organisation whether or not they are using or storing their personal data. Beyond this, individuals also have the right to ask for copies of the personal information. This makes up a subject access request (SAR).
Whilst some subject access requests are simple and can be responded to quickly and effectively, other subject access requests are lengthy and convoluted. Information Governance Services has extensive experience in respect of subject access requests and can provide your organisation with advice in how to respond to subject access requests.
Our staff have worked within organisations which have been subject to SARs and have experience in dealing with such requests. With our experience, we hope to assist you and your organisation with these requests. We can assist with specific requests, or improve your overall organisational practices to dealing with requests as a whole.
Data security incidents and Data breaches, sadly, happen all the time. These incidents can be down to a variety of issues, from uncompliant or poorly designed technical infrastructures, to poor organizational practices and/or human error.
Some breaches, where they result in a risk to the rights and freedoms of individual/s affected, need to be reported to the supervisory authority without undue delay (and always within 72 hours).
We provide a variety of pro-active and retro-active support to organisations regarding data breaches:
The exchange and sharing of data is invaluable in business transactions. When organisations procure services from another, the buyer and the supplier will need to establish what data is and is not collected, how that data is used, how it is stored, the methods of which it is transferred, how long that data is retained, the relationship and controllership arrangements of that data etc.
Reviewing data protection clauses in contracts is complicated. You need to have someone who knows your organisation, knows the law, and is able to represent your organisation in its best interests and make sure that the terms are fair and representative of the practices that are taking place. You need experts who know the landscape inside and out to make sure that the data processing is lawful, compliant and meets all of the expectations of your customers.
Our consultancy team is predominantly made up of trained lawyers, and as such, we understand and can maneuver contracts with ease. Securing us as an IG support provider means that you can have confidence in ensuring your contracts with your business partners are representing your best interests.
Before any transfer of data takes place, organisations need to make sure they have data sharing or data processing agreements in place with third parties who will be processing data on their behalf. Whether you are a data controller who is procuring a data processor, or whether you are a data processor procuring a sub-processor, we have you covered.
We know the landscape inside and out, and routinely draft agreements on all manners of sharing and processing agreements, from simple to complicated. Many organisations share data without the proper agreements in place, meaning that you lose control over what happens with that data, and that you are in breach of data protection legislation.
Utilising us as a service provider means that we will ensure that the agreement captures the expectations of all of the parties, and that the processing of the organisations is compliant with data protection legislation. You let us know that data processing is being undertaken by another organisation, and we will do the rest.
In the post-Schrems era, international transfers from outside the UK/EU are a hot topic in data protection. If your organisation is transferring data outside of the UK/EEA, you need to make sure that you are lawfully transferring the data lawfully.
Many technology companies are based in the United States of America, and given that the United States of America has no adequacy decision for the lawful and safe transfer of data from the EU to the US, such transfers must be made in
The majority of transfers to organisations outside the UK/EEA are done by the means of ‘Standard Contractual Clauses’, which changed in 2021 to require organisations to undertake an international transfer risk assessment of the data transfer in question.
There are occasions where you are required to liaise with the data protection supervisory authority. More often than not, this is when something has gone badly wrong, and you may be at risk of having action taken against you. This can be a daunting and stressful exercise, particularly if you do not have any prior experience in communicating with the regulator.
Controllers and processors are entitled to have a representative to communicate with the regulator on their behalf. In consultation with you about the relevant issue, we are able to communicate with the regulator on your behalf, representing your best interests.
Utilising us to communicate with the regulator makes sure that you are providing the right information, but are also protecting your interests in the best possible way.
The UK GDPR mandates that organisations who have no offices, branches or other establishments in the UK but offer goods or services to individuals in the UK or monitor the behaviour of individuals in the UK appoint a UK representative to act on your behalf. You need to have a representative who will act in your best interests, advising you as an organisation of the practices and legislation you need to be compliant with in order to undertake your operational activities in the UK
Information Governance Services Limited offers a competitive and tailored UK Representative package for organisations outside of the UK in order to ensure that you remain compliant with UK GDPR.
This package is flexible and we will tailor our services to fit the preference of your organisation. Primarily, we would provide an option for data subjects and/or supervisory authority to engage us on all data protection issues related to the processing of personal data as your UK representative. The level of cooperation between us will vary depending on your organisational structure and the processing in place.
For more information or to organise a quote, please contact us to make an enquiry.
Data sharing can be complicated. Sometimes, organisations are involved in various forums regarding information governance where appropriate data access and best practice is discussed and documented in an open forum. We have experience in chairing, administrating and advising a variety of information governance forums.
We can improve the process for existing forums, and advise in forums on your behalf to represent your organisation’s best interests, protecting the data which you control – and protecting the data subjects’ rights at the same time.
No matter your organisation’s size, industry or needs, we are able to provide you with the data protection expertise and support you require.