Data Protection
Our customers manage highly sensitive information as part of their core business processes. Now that the UK General Data Protection Regulation is well established, it is essential that you take the necessary precautions to protect personal information. Your data subjects can expect the highest standards of protection of their data and Guardian Saints can help you to achieve that.
“ If your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance. "
Elizabeth Denham, Information Commissioner
Gap Analysis
How close are you to compliance?
Our qualified consultants will work together with you to map your alignment with the UK GDPR and Data Protection good practices.
DPO Role
Our Data Protection Officer as a Service
Not all businesses can resource a skilled in-house DPO. We can provide DPO as a Service to organisations that need to fulfil the role.
Awareness Training
A requirement under the UK GDPR
We can provide bespoke training services based on your own policies and procedures to make sure everyone gets the message.
GDPR Consultancy
The UK General Data Protection Regulation (UK GDPR) was implemented in the UK post-Brexit in 2021. The UK GDPR has some changes from the 2018 implementation of the EU GDPR but the focus remains on protecting the rights of data subjects.
We specialise in the provision of UK GDPR and Cyber Security consultancy for the fostering sector. The UK GDPR has some very specific impacts on Independent Foster Agencies, which will affect how they manage data, as; how data is processed by foster carers and how cared for children manage data in their own right.
Information Commissioner Elizabeth Denham has been clear about the importance of organisations, especially those handling 'special categories of personal information’ such as Independent Fostering Agencies, to ensure the rights of data subjects are met.
As trained UK GDPR readiness assessors via the IASME scheme, Guardian Saints members are working with Independent Fostering Agencies to raise awareness of the UK GDPR, its implications and obligations, and to help them implement the necessary policy and process changes.
Data Protection Officer
Regulatory Requirement
A Data Protection Officer (DPO) is required where: ‘the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.’
Businesses have to decide whether they require a DPO.
The UK GDPR Article 37 describes the requirements in particular, Section 1, paragraph c, is helpful for fostering agencies to determine if a DPO is required.
Data Protection Officer's Role
According to the UK GDPR, the DPO must have:
● knowledge of Data Protection Law
● understand the data management and processing of personal information
● be able to monitor compliance within the regulation
● have independence from the core data control and processing functions
DPO as a Service Arrangement
The role can be assigned to an employee of the organsation that has the requisite skills, independence and knowledge of data protection law.
If the organisation cannot fulfil the role, they can use an external service company, where appropriate a group of companies can share a DPO in a ‘DPO as a Service’ arrangement.
Start the Conversation
Testimonial
Guardian Saints input has provided us with confidence when dealing
with breaches, both our own and those of third parties.
From that strong foundation we have been able to tackle Data Breaches by
local authorities and attain very successful outcomes on behalf of our aggrieved families.
Quick to respond, accurate and always going the extra mile to ensure compliance and understanding I cannot recommend Guardian Saints DPO service highly enough.
Daniel Lansley - Group Business Development Manager
Next Step Fostering Group
Exploring the impacts of The UK General Data Protection Regulation on the Fostering Community
Education through training and workshops
About our Workshops
Industry Expert Presenter(s)
Interactive
Q&As
Certificates Awarded
Resources and training material provided
Now that the UK GDPR has been embedded into our lives, Guardian Saints take a retrospective look at how the regulation has impacted fostering and associated disciplines. As DPO for a number of fostering agencies, we can draw on real anonymised data across many agencies to provide a fact-based seminar for the sector’s thought leaders.
Partners, directors, trustees and operational staff will benefit from our workshops that can be structured to contain specific modules such as dealing with a data breach, constructing a Data Protection Impact Assessment or any other element of UK GDPR compliance activity that delegates will find helpful in their information management.
Our workshop is typically set over one day and is delivered by a data security industry expert whom is an IASME accredited UK GDPR readiness assessor, we aim to cut through the jargon and put the obligations clearly into a fostering context. The workshops are cantered on themes the fostering community talk to us about the most, including:
● Does Brexit Change Anything?
● Definitions of Personally Identifiable Information (PII)
● Special Category Data – What is it?
● Roles and Accountability For Data Controllers and Data Processors
● What Countries Can European PII Data Be Processed In?
● Should We Worry About Third Parties such as independent therapists?
● What Countries Can European PII Data Be Processed In?
● Consent – Where in your business processes is this a relevant lawful basis?
● Subject Access Requests a challenge in time and logistics
● Who Really Needs a Data Protection Officer?
● Consequences Of Data Breaches & Process Failures – What’s the story?
To help the fostering organisations to understand the impact of UK GDPR and the changes they need to make to comply with the new law or to assess their compliance maturity level, Guardian Saints frequently host workshops around the country.
All staff that manage personal information must be trained regularly to ensure that data handling procedures, subject rights requests and general cyber security are understood
and become embedded into the corporate ways of working.
Our Data Protection and Cyber Security Awareness sessions are built around our social care and charity knowledge providing focused and relevant training.
Some of your staff will perform specific Data Protection roles, such as dealing with Subject Access Requests or Data Privacy Impact Assessments.
We provide workshops that cover all of these tasks from policy and procedures through to execution of tasks. If you require a workshop on any Data Protection processes we will be able to provide specific content based on your organisations’ framework.
Whilst face to face classroom style training brings the most benefit to attendees, there are times, such as the Covid 19 pandemic, that means we all need to make more use of online services.
Guardian Saints are able to provide a secure online training session to enable attendees to ask questions and fully engage with our experienced trainers.
Testimonial
I was surprised that training on data protection could be delivered in way that was interesting and engaging. It's an easy topic to poke fun at - Guardian Saints did a great job at overcoming preconceptions of 'this is going to be boring' and I came away feeling the session was very worthwhile - and relevant to my role. I was impressed!
Staff member at AFA Fostering
