Data Privacy Consulting Services from GRCI Law

It is essential to ensure your organisation processes personal data in accordance with data protection and privacy laws, such as the DPA (Data Protection Act) 2018 and UK GDPR (General Data Protection Regulation).

If you cannot demonstrate that your data processing activities are lawful, you put yourself at risk of regulatory action This can include administrative fines of up to £17.5 million or 4% of your annual global turnover (whichever is greater), as well as legal action from data subjects.

If you process the personal data of non-UK residents, you might also be subject to other data protection laws, such as the EU GDPR and the CPRA (California Privacy Rights Act).

If you are unsure of your legal obligations or how to meet them, GRCI Law has everything you need.

How GRCI Law can help you

Privacy as a Service provides all the expert support you need to ensure you meet your data privacy obligations.

Monthly subscriptions are priced according to your organisation’s size, and you can choose the level of service you need:

1. GDPR Advice Service

This service gives you unlimited access to:

• Guidance from experienced data privacy consultants on:
• GDPR, DPA 2018 and data privacy issues; and
• Article 30 processing records.
• General advice on DSARs (data subject access requests) and data breaches.

You also get:

• A monthly newsletter on important GDPR and data privacy updates.
• A 10% discount on additional hours for execution/implementation work for micro organisations.
• A 15% discount on additional hours for execution/implementation work for small, medium and large organisations.

2. Data Privacy Manager Service

This subscription service gives you access to unrivalled advice from data privacy and security experts and legal specialists. It includes:

• A dedicated data privacy manager;
• A GDPR gap analysis and remedial action plan (year 1);
• GDPR compliance monitoring;
• Managing your GDPR compliance action plan;
• GDPR documentation review (policies and procedures);
• Guidance on creating and maintaining your personal data processing register (Article 30 records);
• Guidance on handling DPIAs (data protection impact assessments) and DSARs;
• Guidance on data breach monitoring, management and reporting;
• Advice on delivering GDPR staff awareness training;
• An annual compliance audit (from year 2);
• Monthly activity and quarterly management reports;
• Guidance from experienced data privacy consultants on GDPR, data privacy and information security issues, and Article 30 records of processing activities;
• Acting as the point of contact for DSARs and data breaches; and
• A monthly newsletter on important GDPR updates.

  Find out more about our Data Privacy Manager Service

3. DPO (data protection officer) as a Service

This service includes everything in the Data Privacy Manager Service, plus:

• Fulfilment of your data privacy responsibilities under Articles 38 and 39 of the GDPR, including:
• A truly independent DPO with no conflicts of interest;
• Registration as DPO with the relevant supervisory authority; and
• A contact point for the relevant supervisory authority on all data protection matters.
• Hands-on support creating and maintaining Article 30 processing records;
• Guidance on maintaining compliance with the GDPR and DPA 2018;
• Facilitating staff awareness training; and
• Support to identify personal data processing activities and verifying they comply with the GDPR and DPA 2018.

  Find out more about our Privacy as a Service