Data Privacy

Data privacy and the protection of personal information are at the forefront of people's current concerns, which have been compounded by many recent reports of data loss in both the financial and government sectors.

Data privacy is sometimes misinterpreted as Information Security, which is only one element of a data privacy compliance program. Data privacy covers information stored and processed in all forms, for example, CCTV, telecommunications and paper.

 To ensure data is adequately protected and only used for legitimate purposes, there are many UK and European regulations that must be met by law. Although a daunting task to some, compliance can be simplified by using a skilled member of the Evolve team.

 What regulations apply to data privacy?

  • Data Protection Act
  • Freedom of Information Act
  • Privacy and Electronic Communications Regulations
  • Human Rights Act
  • Regulation of Investigatory Powers Act

 What can I do to achieve compliance?

Evolve provide experienced data privacy professionals to assist companies in achieving all legal and regulatory privacy obligations including:

  • Privacy Impact Assessments for new projects
  • Data law compliance assessment
  • Data protection compliance assessment
  • Compliance to BS 10012
  • Privacy enhancing technologies (PETs)
  • Data privacy auditing

 Compliance to BS 10012

British Standard BS 10012:2009, Data protection – Specification for a personal information management system, is a best practice standard that provides a framework for the management of personal information, to aid implementation and provide guidance for compliance with Data Protection legislation.

 Privacy Impact Assessment (PIA)

A Privacy Impact Assessment adopts a risk-based approach to assess a project's potential impact on privacy and should be performed before starting or at the initiation stage of any project that includes the processing of personal information.

Although mandatory for many public sector bodies, it is a simple way for all data controllers to assess privacy requirements and demonstrate due diligence should a breach occur.

Why perform a PIA?

  • Identify and mitigate risks including non-compliance with law
  • Increase public/customer trust & confidence
  • Maintain the organisation's reputation
  • Fulfil Cabinet Office requirements
  • Avoid expensive post-implementation updates or additions to projects
  • Inclusion of privacy enhancing technologies (PETs) to increase protection of information

 Data law compliance assessment

Checks that your current practices are compliant with the requirements of all data privacy laws and regulations.

 Data protection compliance assessment

Reviews your current compliance specifically and in detail against the Data Protection Act 1998.

 Data privacy auditing

Auditing to ensure projects have maintained compliance with data privacy laws and regulations following years of service and changes, and reviews of outsourced data processors or service providers to ensure contracted privacy requirements are implemented.

© 2010 Evolve Business Consultancy Ltd - Registered Number: 03956682 (England & Wales)