We built our privacy consultancy service with the express aim of helping organisations achieve an appropriate level of information management maturity. Almost all organisations use data in one form or another. We focus on an organisation’s obligations around the use of individuals’ Personally Identifiable Information (PII).
Privacy concerns around PII have increased over recent years. The need to address these obligations and to meet national and international laws, regulations, and compliance standards is becoming ever more onerous and complex, especially where data needs to be shared between different jurisdictions. Individuals who use your services are becoming increasingly aware of the value of their data and the rights they have, and they expect appropriate use and transparency in the way organisations use this information.
The incoming GDPR regulations in May 2018 will dramatically increase the requirement for privacy controls on organisations and ensure better management of personal data for citizens.
Over the last eighteen months, KnowNow has been conducting ongoing market assessments, and we see increasing demands on organisations around consent models, access rights, deletion and portability of information, privacy policies & statements, opt-in and opt-out rights, as well as how, where and why data is stored. These trends are highlighted by the increased actions taken by regulatory bodies such as the Information Commissioner’s Office (ICO), and by individual and class action litigation against companies and public bodies.
Failure to meet your data protection and privacy obligations could result in severe reputational damage, financial loss, operational outage and loss of new and existing commercial agreements and partnerships.
Why should I consider KnowNow?
In a recent survey, only 4% of respondents stated they were very knowledgeable about GDPR. The questions below give an indication of your organisation’s readiness for the GDPR implementation and existing privacy standards:
Does your organisation have sufficient skills and support to comply?
Are your policies, procedures, and training updated and sufficient to meet the standards?
Does your organisation have a clear view of personal data assets and associated risks?
Is there an understanding of who is processing personal information and where it is being stored?
Is valid consent obtained?
Could the information be removed, updated or exported if needed?
Is the organisation’s privacy policy fit for purpose?
Have we made plans for the operational and commercial impacts on the business for meeting the GDPR?
How we can help
KnowNow takes a holistic and systematic approach to the issues faced by organisations; wherever possible we look to balance the commercial and strategic goals of an organisation with the regulatory and compliance requirements they face.
Each organisation we work with faces specific challenges. Perhaps the biggest is meeting the new General Data Protection Regulation (GDPR), which will apply to any organisation that has an economic interest within the EU or uses PII of EU citizens. Other standards may also apply, such as the 1998 Data Protection Act or the Privacy & Electronic Communications Regulations (PECR). There may also be conflict with other corporate obligations such as FCA regulations and employment rights.
Below is an indication of the process we at KnowNow undertake when providing our privacy consultancy, depending on the organisation’s maturity and understanding of the privacy issues they may face.
Our Privacy Consultancy Services
GDPR Readiness assessment
Assess your readiness for GDPR by looking at over sixty question sets to evaluate eight key areas of the regulation across agreed business units and functions. The assessment allows your organisation to sense check its current position and formulate a prioritised plan to meet the regulation. KnowNow can also provide consultancy as to the operational and business impact on the business.
Suitable for small and medium businesses who are looking to ensure their business will not be liable for fines from the Information Commission, this service costs £5,000, requires one day spent at your location, and provides a comprehensive report as to readiness for GDPR and recommended actions.
Privacy Impact Assessment*
A comprehensive assessment of your company’s current privacy posture against the core requirements of the GDPR. Leveraging your GDPR benchmarking results, KnowNow guides your organisation to identify and prioritise operational changes needed to achieve GDPR compliance.
*A requirement under GDPR Article 35 for organisations with technologies and processes that are likely to result in a high risk to the rights of the data subjects.
The privacy impact assessment is delivered in three key phases:
Phase I: Assess Readiness
Information is gathered and results are assessed to uncover any potential issues, accelerating the route to remediation. This is designed to help companies understand the core obligations of the European Union’s GDPR and determine which business processes they will need to review and implement in preparation for the GDPR.
KnowNow analyses the findings and produces a detailed gap analysis. We work with your organisation to gather any relevant supporting documents, such as product requirements documents, database schemas, and third-party integration agreements.
The Privacy Impact Assessment will be the foundation for your organisation’s consent template. This will enable your services to access consent management tools.
Phase II: Develop a Plan
The Findings Report provides companies with a set of prioritised recommendations and includes the following elements:
An Executive Summary showing critical gap areas;
Findings for all business units assessed; gap analysis and risk factors.
GDPR priorities action plan and heat map outlining risks, the level of effort to implement, as well as schedule, budget & resource estimates.
It will also contain short-term immediate steps. Examples include any specific products or processes that require more detailed diagnostics or remediation. It also includes the development of a long-term GDPR compliance roadmap to include Data Inventory & Flow, PIA Process Development, and Privacy Program Monitoring with technology.
Phase III: Build Consensus
The onsite review provides key organisational stakeholders with an opportunity to understand more about top GDPR requirements, the Company’s current privacy posture, and recommended roadmap actions. The session provides an opportunity to invite questions and offer clarifications on any areas of the report or methodology. Key stakeholders are engaged in the next steps towards implementing the remediation plan.
This is the ICO-approved Privacy Impact Assessment and is designed for organisations that have significant data privacy obligations. It costs from £30,000, which includes an average of 5 days spent at your site as well as a comprehensive report as described above.
We can also provide the following privacy consultancy services, each provided from our headquarters in Portsmouth from just £500:
Privacy policy/statement review
How valid is your organisation’s existing privacy policy?
Privacy policy development
We can help you develop a compliant privacy policy.
Privacy workshops
Helping your organisation understand privacy requirements.
Privacy training
Helping your staff comply with privacy regulation.
Privacy audit
An assessment of your current privacy policies and processes.
To book your free initial session to discuss your requirements, or to find out more about our privacy consultancy, give David or Chris a call on 02392 160 640 or email us at contact@kn-i.com.
You can also follow us on Twitter @knownowinfo