• Home Page
• Corporate
  • BCRM Approach
  • BCRM FAQ
  • Case Studies
  • Certifications
  • Code Of Conduct
  • Company details
  • Customer satisfaction
  • Industry Endorsements
  • The Team
  • Why us?
• Policies
  • Business Continuity
  • Conflict of Interest
  • Corporate Social Responsibility
  • Data Protection
  • Disability Discrimination
  • Environment
  • Equal Opportunities
  • Health and Safety
  • Information Security
  • Personnel Screening
  • Quality
• Services
  • Health Checks
    • Business Continuity
    • Security Vetting
    • Data Protection Act
    • Software Asset Management
    • Service Management
    • Information Security
    • PCI DSS
    • Risk Management
  • Information Assurance
    • Disaster Recovery
    • Information Security
    • Physical Security
    • Employee Vetting
    • Software Asset Management
    • Risk Management
    • Identity Management;
    • Secure Disposal
  • Compliance
    • Governance Today;
    • GRC
    • FSA Compliance
    • Data Protection Act;
    • PCI DSS;
    • Sarbanes Oxley;
    • FSAP
    • Workflow and GRC;
    • Using XBRL for GRC;
    • Inspection of Records;
    • Litigation Support
    • Employment Law
    • FSA Support
    • Money Laundering
  • Management Systems Consultancy
    • ISO 9001
    • SO 14001;
    • ISO 17025
    • OHSAS 18001
    • ISO 20000
    • BS 25999;
    • ISO 27001;
    • Do you need us?
    • Auditing
    • Polices and Procedures
  • Continuous Improvement
    • ISO 9004;
    • Total Quality Management (TQM)
    • Six Sigma;
    • Capability Maturity Models;
    • ServQual / RATER;
    • EQF
    • Balanced Scorecards;
  • Certification Services
    • Standards Implemented
    • Management System Implementation Methodology
    • Consultancy to Support Certification
    • Certification Body Audit Markings
    • Certification Pre-Audit Services
    • Remediation
    • Certification FAQ
  • Digital Forensics
    • Forensic Evidence Recovery
    • Expert Witness Services
• Records Management
• Training
• Standards
  • Management Systems
    • BS 25999
    • ISO 14000
    • ISO 17025
    • ISO 20000
    • ISO 27000
    • ISO 9000
    • OHSAS 18000
    • PAS 99
  • Other Standards
    • BS 10008
    • BS 10012
    • ISO 25777
    • BS 7858
    • BS 8470
    • BS 7858
    • BS 8549;
    • ISO 15489
    • ISO 19770
    • ISO 24762
    • ISO 38500
• Legislation
  • Basel II
  • Data Protection Act
  • Financial Sector Assessment
  • Financial Services and Markets Act (UK);
  • Health Insurance Portability and Accountability Act US);
  • Markets in Financial Instruments Directive (EU);
  • Miscellaneous relevant EU Directives;
  • Payment Card Industry Data Security Standards (worldwide);
  • Sarbanes Oxley (US);
  • Single European Payments Area (EU);
• Legal
  • Copyright
  • Legal Disclaimer
  • Privacy
  • Security
  • Links to other sites
• Site Map
• Contact Us
•  

---

?

Data Protection Act (DPA) Consultancy

---

• overview;
• service offering;
• approach
• benefits
• next steps

Overview

The objective of the DPA is to control the collection, storage and use of personal data.

It is applicable to data held in a range of different forms (including images and sound as well as text) and media (paper, electronic, microfilm, etc).

The legislation centres around the eight DPA principles and any organisation processing personal data must comply with it. Breaches of the DPA, where personal data is subject to unauthorised erasure, modification, use or disclosure can be a criminal offence. Recently the maximum fine that the Information Commissioner can impose is £500,000 per offence.

A new standard, BS 10012 Data Protection - Specification for a personal information management system (PIMS) has been released to support compliance with the DPA.

Service Offering

BCRM, who had some of the 'guinea pigs' that passed the ISEB Certificate in Data Protection, has always recommended organisations to implement a management system that has inbuilt continuous improvement. BS 10012 now provides this and the PIMS can be built into a PAS 99 based integrated management system. The PIMS provides a framework to enable organisations to maintain and improve compliance to both UK and European Legislation.

BCRM can assist you by:

• advise on contractual matters when dealing with personal data, including trans border data flow;
• advise on data protection issues in database, or other, developments, where personal data is to be processed;
• assessing risks to that personal information;
• assist and provide guidance to your Data Protection Officer as required;
• assisting you in ensuring that your notification is correct;
• continuously improve the PIMS and your effectiveness of protection personal information in your care.
• develop and implement appropriate audit processes to verify compliance against your policies, procedures and the DPA itself;
• developing and implementing policies, processes and procedures to support the eight DPA principles;
• ensuring that a robust subject access request process (SAR) is in place;
• identify and implement corrective and preventive actions;
• identifying and allocating roles and responsibilities throughout your organisation;
• identifying the personal information processed within your organisation;
• managing incidents that may result in a breach of the DPA;
• providing and delivering training to all of your employees in the DAP appropriate to their delegated roles within your organisation;
• undertake audits to verify compliance against your policies, procedures and the DPA itself;

Approach

We approach each project in the same manner:

• definition of the scope of of the project;

• define and agree the legislation and regulation applicable;

• understand your business;

• undertake a risk assessment;

• perform a gap analysis;

• agree work to be performed and delivery format;

• define and agree workflows;

• produce and agree documented procedures;

• implement awareness training;

• ad hoc advice as required;

Benefits

The BCRM approach ensures compliance with DPA requirements by:

• designing processes and procedures specific to your business;
• developing and delivering relevant training for all your employees to meet their DPA obligations;
• developing innovative solutions to address your DPA compliance issues;
• ensuring that processes and procedures for DPA compliance are documented and tested;
• ensuring your Data Protection Officer and Compliance Officers have the relevant competence to perform their duties in line with DPA requirements;
• increasing customer and public confidence in your products and services;
• managing and treating significant risks to reduce them to an acceptable level in line with risk appetite;
• taking some of the burden off your overstretched Data Protection Officer and Compliance Department;

Next Steps

• BCRM has a number of other service offering, these are listed here;

• BCRM is committed to providing a consistently high value service to our Clients;

• Sian Watson and David Lilburn Watson, who remain personally 'hands-on' throughout the process, manage this process.

• to understand how the BCRM suite of offerings can be used to transform your business, please contact us

• we look forward to discussing your specific requirements, at your convenience;

• we offer a free Health Check for the DPA;
• whatever other type of consultancy you require, we can possibly offer a free Health Check.