GDPR Consultancy Services

We were ahead of the curve on the single biggest compliance issue of 2018, delivering a number of expert courses on GDPR. We can provide a suite of carefully drafted materials and resources and offer on-site consultancy services to assist firms with GDPR.

Attended a GDPR presentation held by DG Legal and was very impressed by the course structure, the guidance and the information given. Matthew presented the course in an easy to understand manner which helped greatly with our concerns about the new regulation that is coming into force next month.

Michael Worthey
Computer and Information Systems Manager, Spicketts Battrick Law Practice
27 April 2018

GDPR Toolkit

We are pleased to be able to provide a comprehensive toolkit specifically designed for law firms. This is suitable for firms that are able to implement GDPR ‘in-house’ and do not require external assistance. The toolkit comprises:

  • Data Security & Information Governance Manual
  • GDPR Guidance Notes
  • Data Protection Privacy Notice (for use in client care letters for cases started after 25 May 2018)
  • Website Privacy Notice (for use on your website)
  • Register of Personally Owned Devices
  • Information data Audit/processing template incorporating guidance
  • Template Data Processing Agreement
  • Paragraph for Inclusion in Experts and other Instructions

The Manual includes the following policies & procedures:

  • Data Protection
  • Information Management & Security
  • Transfer of Data to Third Parties
  • Cybercrime and Fraud Prevention
  • E-mail
  • Acceptable Use of IT Facilities
  • Use of Personally-Owned Devices
  • Credit Cards
  • Archiving, Retention & Destruction
  • End of Employment

Cost

The price of the toolkit is £699 but is complimentary for our retainer clients.

In-house GDPR training

We offer a comprehensive half-day course which covers the steps required to understand the gap between your present systems and those necessary in order to achieve effective compliance with GDPR. The course will also provide practical advice on common errors made by law firms and how to avoid them, together with tips on best practice.

We also cover the Government-backed Cyber Essentials accreditation scheme, given that all suppliers must be compliant with the new Cyber Essentials controls if bidding for government contracts which involve handling of sensitive and personal information and provision of certain technical products and services.

Course Content

GDPR Awareness including:

  • Differences between the DPA and GDPR
  • Key principles and restrictions in handling Personal Data

Assessing your readiness:

  • Auditing the information you hold
  • What you need to do

Cyber Essentials:

  • A summary of the Cyber Essentials scheme
  • Obtaining Cyber Essentials accreditation

Why Should You Attend?

This course is aimed at all legal firms. The content of the course is relevant to all managers, principals and lawyers wishing to improve their understanding of the GDPR and Data Security.

Speaker

Matt Howgate, Consultant, DG Legal

Matthew is a non-practising solicitor and was formerly Senior Legal Adviser and Head of Continuous Improvement at the Legal Services Commission. He was also Legal Standards Principal at the Co-operative Legal Services.

Since 2008 he has been providing expert organisational development, compliance and strategy consultancy. He has particular expertise in SRA and BSB compliance issues, data protection (and GDPR) compliance and is recognised as a leading expert on the legal aid scheme (indeed he is a member of the managing committee at the Legal Aid Practitioner’s Group).

On-site Consultancy Services

Delivered by experts with decades of experience in the legal sector, our GDPR consultancy services are tailored to law firms and other legal organisations.

We shall not provide you with superfluous material nor introduce any unnecessary steps on the path to becoming GDPR compliant.

We offer two services: Standard and Premium.

Our Standard Service

This service is recommended for our retainer clients or those who are happy to work with us on implementing their revised processes. It includes:

  • Initial full day on-site information audit and review to assess your current data protection compliance and readiness for GDPR;
  • Review of third party data processor contracts;
  • Preparation of a detailed report, with recommendations, outlining the steps necessary to achieve GDPR compliance (gap analysis);
  • Provision of GDPR compliant template policies and procedures;
  • 3 months' follow-up advice and assistance (and amendment of documents to reflect any post-implementation changes to approach / guidance by WP29, the ICO or Law Society / LAA).

Standard Service Cost

The cost of our Standard Service for most firms is £2,000 plus VAT.

For retainer clients, assistance with any of the above can be purchased at £950 plus VAT for the first day and £800 plus VAT for any second or subsequent days.

Our Premium Service

We recommend this service to our non-retainer clients as it will fully prepare you for GDPR readiness. This service includes:

  • Initial full day on-site information audit and review to assess your current data protection compliance and readiness for GDPR;
  • Review of third party data processor contracts;
  • Preparation of a detailed report, with recommendations, outlining the steps necessary to achieve GDPR compliance (gap analysis);
  • Creation of the Article 30 record of processing activity;
  • Creation of a detailed data risk assessment;
  • Provision of a fully GDPR, Lexcel (or SQM) and SRA compliant Information Security and Data Protection Manual and associated document templates (including data protection notices and consents) tailored to your firm’s requirements;
  • Second on-site full day reviewing readiness and providing staff training on GDPR, compliance and new procedures;
  • Guidance on and assistance with obtaining the Cyber Essentials accreditation;
  • 6 months' follow-up advice and assistance (and amendment of documents to reflect any post-implementation changes to approach / guidance by WP29, the ICO or Law Society / LAA).

Premium Service Cost

The cost of our Premium Service for most firms is £4,000 plus VAT.

Which Service Should I Choose?

If you are unsure which to choose, consider opting for the cheaper Standard Service and then upgrade to the Premium Service later if you need to.

Data Protection Officer Services

Many law firms will be required to appoint a Data Protection Officer (DPO) and others may appreciate the reassurance of voluntarily appointing one.

We offer a service where you can appoint us as your external DPO. This would include us formally registering ourselves with the Information Commissioner’s Office as your DPO.

This service includes:

  • Initial visit to assist with completing an information audit and provision of staff training;
  • Regular data protection & security update briefings;
  • Help with discussing any actual or potential data security breaches and how to handle them;
  • Assistance with deciding whether a breach should be reported to the ICO and assistance with reporting that breach;
  • Assistance with the preparation of any necessary Data Protection Impact Assessments;
  • Annual staff update training;
  • Annual review of policies, procedures, the Article 30 record of data processing and the risk assessment.

Cost

If you wish to appoint us as your external DPO then we can offer this ongoing service for £200 plus VAT per calendar month (minimum term 12 months).

For retainer clients, the DPO service is available for £200 plus VAT per calendar month (minimum term 12 months).

For Our Retainer Clients:

Assistance with any of the above can be purchased at £950 plus VAT for the first day and £800 plus VAT for any second or subsequent days.

Get in touch

If you would like further information on any of the services mentioned on this site or would like to arrange a discussion with one of our consultants, please send an email or contact us by completing this form.

Any data that you submit using this web form will be held by our firm as Data Controller and will be held securely for 12 months before being securely and confidentially destroyed. Your data will not be disclosed to any third parties without your consent or as otherwise allowed by the General Data Protection Regulation and will only be used for responding to your query (or purposes associated with that purpose). You have the right to be informed about what data we hold about you along with other rights set out in the legislation. Further information about your rights under the data protection legislation can be found at www.ico.org.uk.

For further information, please see our Data and Privacy Notice.