iso27diy-corp/Corpus/Various/DPOaaS offer Glownexus.md


Glownexus provides a tailored DPOaaS (Data Protection Officer as a Service) offering that fully covers the requirements of Articles 37, 38 and 39 of the EU GDPR, together with the equivalent UK requirements (UK GDPR and the Data Protection Act 2018).

The DPOaaS will guide Omeros through the important tasks it must carry out as a data controller and/or processor, such as drawing up and implementing a data breach procedure, performing data protection impact assessments, and developing a training plan.

The services include:

  • A dedicated data protection officer, available for advice by email, telephone and video call.
  • Registration as DPO with the relevant supervisory authority.
  • Acting as the contact point with the relevant supervisory authority on all data protection matters.
  • GDPR compliance monitoring, including management of your GDPR/DPA 2018 compliance action plan.
  • A GDPR/DPA 2018 gap analysis and remedial action plan (year 1).
  • An annual compliance audit (from year 2).
  • Hands-on support with creating and maintaining your record of personal data processing activities (the Article 30 record).
  • Advice on data protection and on maintaining compliance with the GDPR/DPA 2018.
  • Facilitating staff awareness training.
  • Support in identifying personal data processing activities and verifying that they are GDPR compliant.
  • GDPR documentation review (policies and procedures), including a legal review for suitability and guidance on applicability.
  • Advice on handling DPIAs (data protection impact assessments) and DSARs (data subject access requests), and on data breach monitoring, management and reporting.
  • Monthly activity reports and quarterly management reports.

[Addition RK]:

  • Supporting reviews of existing and new data processing agreements.
  • Identifying GDPR compliance risk in your data processing activities and advising on risk-reducing measures (this falls implicitly under DPIAs, but it may be worth naming it explicitly).

In line with Article 39(2) GDPR, the data protection officer shall, in the performance of his or her tasks, have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.

DPOaaS is in principle an annual subscription product that is billed monthly.

Without knowing the exact scope and the current level of compliance it is difficult to give a fixed quote, but indicatively we estimate that we would need 30 days for preparation and set-up, and 120 days per year (10 days per month) thereafter. In the case of a three-year contract, we could spread the initial set-up over the three years.