Data Protection Health Check
Data Protection is the Law
- Personal Data is a critical asset in all businesses and organisations
- Personal Data is protected by the Data Protection Acts 1988 and 2003
- Personal Data is not just limited to what's held on your organisation's computers. Since 2003, paper-based filing systems are also protected by the legislation.
- Non-compliance with the Data Protection Acts can result in penalties ranging from fines to orders to delete the personal data, or both.
- Reputational damage to your organisation arising from a breach can be equally damaging.
Do you process personal data?
Does your business process personal data?
- If you capture information via a website, you are processing personal data and may fall within the scope of the Data Protection Acts.
- If you hold customer or prospect data in a CRM system, Excel spreadsheet or filing cabinet, you are processing personal data and may fall within the scope of the Data Protection Acts.
- If you operate a CCTV camera system, you are processing personal data and may fall within the scope of the Data Protection Acts.
- If you keep personnel records for your staff, you are processing personal data and may fall within the scope of the Data Protection Acts.
- If you collect or use people's name, address, telephone number or other details in the course of conducting your business then you are processing personal data and may fall within the scope of the Data Protection Acts.
Is your organisation in compliance with the Act?
Castlebridge Associates' Data Protection Health Check™ provides a check point for you to assess compliance in your organisation. Based on the Data Protection Commissioner's own audit approach and conducted by qualified Data Protection Practitioners, the Data Protection Health Check™ will identify:
- Current areas of non-compliance
- Areas of risk with current practices and processes
- Recommended steps to remedy compliance breaches
- Opportunities to improve the quality and effectiveness of your Information Assets.
The method:
The approach taken to the Data Protection Health Check is simple. Castlebridge Associates will visit your organisation and conduct an audit based on the Data Protection Commissioner's Audit and other resources. This will normally take a half day to a day depending on the size of your organisation.
The Health Check Audit:
- will be primarily interview and questionnaire based and carried out on-site.
- will seek to verify the alignment of Data Protection policies in your organisation with actual work practices.
- may involve (at your request) a profiling of information in your systems to determine areas of potential data protection risk arising from poor quality information (e.g. missing opt-in flags on data, inconsistent data, duplicated data, etc.).
The output of the Data Protection Health Check will be a detailed report outlining:
- Areas of risk of, or actual breach of, the Data Protection Act
- An action plan for addressing compliance and developing a compliance culture in your organisation
We will also prepare a presentation summarising our findings and the action plan and will present those findings to your management team in a second session which may last up to half a day depending on findings.
The cost for a half-day Health Check is €350 (includes up to 2 half-day sessions).
(Longer Health Check engagements will be costed on a bespoke basis with the client.)
