
Specific Terms
1. Outsourced Data Protection Officer (DPO)
1.1. A managed service where Customer can purchase a number of days (smallest amount is 0.5 days) per month for DPO services. Where Customer does not use the total amount of time in any given month, that time may be carried over to the subsequent month (but not longer). Supplier will provide virtual consultation to Customer, information, advice and other related services, in accordance with the DPO Service Levels below, to ensure that Customer processes the personal data of its staff, customers, service providers or any other individuals (also referred to as data subjects) in compliance with Applicable Data Protection Laws and best practice.
1.1.1. Supplier Obligations
1.1.1.1. Supplier will act as the Data Protection Officer (DPO) for Customer in accordance with Applicable Data Protection Laws;
1.1.1.2. Facilitate Customer compliance with the UK/EU GDPR and other applicable data protection legislation by ensuring effective systems and controls are in place to enable Customer to comply with their legal obligations;
1.1.1.3. Act as Customer’s intermediary between relevant stakeholders, including supervisory authorities, data subjects, and business units;
1.1.1.4. Report notifiable data breaches identified and notified to Supplier by Customer to the Information Commissioner’s Office (ICO) and any relevant supervisory authority at the end of any statutorily required notice period where the requisite notice has not been sent earlier either by Customer or Supplier at Customer’s instruction; and
1.1.1.5. Inform and advise Customer’s senior management (where appointed to do so) in accordance with Supplier’s position as DPO of Customer.
1.1.2. Customer Obligations
1.1.2.1. Customer will ensure compliance with all Applicable Data Protection Laws and in particular Customer will:
1.1.2.2. Report all notifiable and potential data breaches to support@trudigitalprotection.com as soon as Customer becomes aware of the breach;
1.1.2.3. Submit details of data breach(es) to Supplier for reporting to the ICO and any relevant supervisory authority without undue delay; and
1.1.2.4. Where Customer fails to comply with the reporting obligations above, Supplier shall not be liable and Customer will indemnify Supplier for any penalties imposed by the ICO or any relevant supervisory authority, or any third-party claims, arising from failure and/or delay in reporting notifiable breaches.
1.2. DPO Service Levels
1.3. Priority levels will be addressed in line with the following Service Levels:
All Service Levels apply only from 9:00 am to 5:30 pm GMT Monday to Friday, excluding UK bank holidays (“Working Hours”). All DPO Service requests must originate with an email sent to support@trudigitalprotection.com.
2. Consultancy Services
2.1. Data Privacy Advisor (DPA)
Supplier will provide Customer access to up to 2 hours per month of remote support for queries and questions relating to GDPR and data privacy matters. Customers can contact the DPA service via a centralised mailbox initially and then queries can be dealt with via email, phone or video conferencing.
2.2. GDPR Audit
Supplier will provide an experienced GDPR consultant to audit the current level of compliance with GDPR. The output of the audit will be a report that will outline any non-conformities. During the audit, which will be conducted remotely, Customer will need to provide access to key staff, documentation and evidence to support the audit.
2.3. GDPR Gap Analysis
Supplier will provide an experienced GDPR consultant to undertake a gap analysis against the requirements of GDPR. The output of the gap analysis will be a report detailing the current level of compliance with each of the requirements, along with a document review (covering a maximum of 20 GDPR-related policies, procedures or documents) with recommendations and an action plan outlining what needs to be done to achieve compliance. During the gap analysis, which will be conducted via a series of online interviews with key stakeholders, Customer will be required to provide documents, e.g., policies and procedures that are currently in place, for assessment.
2.4. GDPR Implementation
Supplier will provide an experienced GDPR consultant to deliver the GDPR implementation project. The service, which will be delivered remotely, will include preparation of all required documentation along with advice and support on how to ensure current processes are compliant. Customer will be required to play an active part in the implementation through interviews and workshops.