GDPR Consultancy Services

GDPR Toolkit:

We are pleased to be able to provide a comprehensive toolkit specifically designed for law firms. This is suitable for firms that are able to implement GDPR ‘in-house’ and do not require external assistance. The toolkit comprises:

  1. Data Security & Information Governance Manual
  2. GDPR Guidance Notes
  3. Data Protection Privacy Notice (for use in client care letters for cases started after 25 May 2018)
  4. Website Privacy Notice (for use on your website)
  5. Register of Personally Owned Devices
  6. Information data Audit/processing template incorporating guidance
  7. Template Data Processing Agreement
  8. Paragraph for Inclusion in Experts and other Instructions

The Manual includes the following policies & procedures:

• Data Protection
• Information Management & Security
• Transfer of Data to Third Parties
• Cybercrime and Fraud Prevention
• E-mail
• Acceptable Use of IT Facilities
• Use of Personally-Owned Devices
• Credit Cards
• Archiving, Retention & Destruction
• End of Employment

The price of the toolkit is £699.

 

In-house GDPR training

We offer a comprehensive half-day course which covers the steps required to understand the gap between your present systems and those necessary in order to achieve effective compliance with GDPR. The course will also provide practical advice on common errors made by law firms and how to avoid them, together with tips on best practice.

We also cover the Government-backed Cyber Essentials accreditation scheme, given that all suppliers must be compliant with the new Cyber Essentials controls if bidding for government contracts which involve handling of sensitive and personal information and provision of certain technical products and services.

Course Content:

GDPR Awareness including:
• Differences between the DPA and GDPR
• Key principles and restrictions in handling Personal Data

Assessing your readiness:
• Auditing the information you hold
• What you need to do

Cyber Essentials:
• A summary of the Cyber Essentials scheme
• Obtaining Cyber Essentials accreditation

Why You Should Attend?
This course is aimed at all legal firms. The content of the course is relevant to all managers, principals and lawyers wishing to improve their understanding of the GDPR and Data Security.

Speaker:
Matt Howgate, Consultant, DG Legal
Matthew is a non-practising solicitor and was formerly Senior Legal Adviser and Head of Continuous Improvement at the Legal Services Commission. He was also Legal Standards Principal at the Co-operative Legal Services. Since 2008 he has been providing expert organisational development, compliance and strategy consultancy. He has particular expertise in SRA and BSB compliance issues, data protection (and GDPR) compliance and is recognised as a leading expert on the legal aid scheme (indeed he is a member of the managing committee at the Legal Aid Practitioner’s Group).

 

On-site consultancy services

Delivered by experts with decades of experience in the legal sector, our GDPR consultancy services are tailored to law firms and other legal organisations.

We shall not provide you with superfluous material nor introduce any unnecessary steps on the path to becoming GDPR compliant.

We offer two services: Standard and Premium.

 

Our Standard Service:

This service is recommended for our retainer clients or those who are happy to work with us on implementing their revised processes. It includes:

• Initial full day on-site information audit and review to assess your current data protection compliance and readiness for GDPR;
• Review of third party data processor contracts;
• Preparation of a detailed report, with recommendations, outlining the steps necessary to achieve GDPR compliance (gap analysis);
• Provision of GDPR compliant template policies and procedures;
• 3 months' follow-up advice and assistance (and amendment of documents to reflect any post-implementation changes to approach / guidance by WP29, the ICO or Law Society / LAA).

The cost for most firms is £2,000 plus VAT

 

Our Premium Service:

We recommend this service to our non-retainer clients as it will fully prepare you for GDPR readiness. This service includes:

• Initial full day on-site information audit and review to assess your current data protection compliance and readiness for GDPR;
• Review of third party data processor contracts;
• Preparation of a detailed report, with recommendations, outlining the steps necessary to achieve GDPR compliance (gap analysis);
• Creation of the Article 30 record of processing activity;
• Creation of a detailed data risk assessment;
• Provision of a fully GDPR, Lexcel (or SQM) and SRA compliant Information Security and Data Protection Manual and associated document templates (including data protection notices and consents) tailored to your firm’s requirements;
• Second on-site full day reviewing readiness and providing staff training on GDPR, compliance and new procedures;
• Guidance on and assistance with obtaining the Cyber Essentials accreditation;
• 6 months' follow-up advice and assistance (and amendment of documents to reflect any post-implementation changes to approach / guidance by WP29, the ICO or Law Society / LAA).

The cost for most firms is £4,000 plus VAT

Unsure which to choose? Consider opting for the cheaper Standard service and then upgrading to the Premium service later if you need to.

 

Data Protection Officer Services:

Many law firms will be required to appoint a Data Protection Officer (DPO) and others may appreciate the reassurance of voluntarily appointing one. If you wish to appoint us as your external DPO then we can offer this ongoing service for £200 plus VAT pcm (minimum term 12 months). This would include us formally registering ourselves with the Information Commissioner’s Office as your DPO.

This service includes:

  • Initial visit to assist with completing an information audit and provision of staff training;
  • Regular data protection & security update briefings;
  • Help with discussing any actual or potential data security breaches and how to handle them;
  • Assistance with deciding whether a breach should be reported to the ICO and assistance with reporting that breach;
  • Assistance with the preparation of any necessary Data Protection Impact Assessments;
  • Annual staff update training;
  • Annual review of policies, procedures, the Article 30 record of data processing and the risk assessment.

 

For Our Retainer Clients:

The toolkit is complimentary for our retainer clients.

Assistance with any of the above can be purchased at £950 plus VAT for the first day and £800 plus VAT for any second or subsequent days. In addition, the DPO service is available for £180 pcm (minimum term 12 months).

Get in touch

If you would like further information on any of the services mentioned on this site or would like to arrange a discussion with one of our consultants, please send an email or contact us by completing this form.

Any data that you submit using this web form will be held by our firm as Data Controller and will be held securely for 12 months before being securely and confidentially destroyed. Your data will not be disclosed to any third parties without your consent or as otherwise allowed by the General Data Protection Regulation and will only be used for responding to your query (or purposes associated with that purpose). You have the right to be informed about what data we hold about you along with other rights set out in the legislation. Further information about your rights under the data protection legislation can be found at www.ico.org.uk.
For further information, please see our Data and Privacy Notice