Data Management
Our platform allows your organisation to demonstrate that it has the technical and organisational measures and reporting to support processes and meet international certification standards for data protection, with your ROPA directly connected to a live information asset register.
Technical & Organisational Measures
Being able to evidence how an organisation is ensuring data protection through technical and organisational measures is a key element of meeting the requirements of article 30.
ProvePrivacy uses published standards as the basis to evidence that controls are in place and are evidenced.
Regardless of which standard you use or even if you choose not to obtain a certification, ProvePrivacy allows you to establish the scope of your programme, plan for implementation and provide evidence to support controls.
- ISO 27001:2022
ISO/IEC 27001 is a comprehensive international standard for information management, covering people, policies and technologies. It offers a security framework for risk management, cyber resilience and operational excellence, making it a great foundation for your data protection controls.
- ISO 27701
With ProvePrivacy, you can achieve your goals and manage privacy information in accordance with ISO 27701. This standard expands upon 27001 and focuses on privacy management. ProvePrivacy supports the majority of controls outlined in the standard, making compliance easier.
- NIST 2.0
NIST 2.0 presents a set of standards to build a cyber risk management programme on. It is a valuable resource which will enhance your cybersecurity resilience and help your teams adapt to emerging threats. It is designed to be adaptable for all sectors, regardless of size or maturity.
- Cyber Assessment Framework
Used widely in the Public Sector, the Cyber Assessment Framework (CAF) was developed by the National Cyber Security Centre (NCSC). The framework provides a way of assessing the cyber risks to essential functions, looking at how these are managed,
Reporting & Support
Reporting provides you with the ability to demonstrate compliance; reporting covers areas such as risk management, breach reporting and data subject rights.
We also have a network of partners that specialise in areas such as data protection and cyber security should you need additional support.
- Reporting
Reporting covers risk management, action planning, staff awareness, policy completion, breach reporting and data subject rights. If there are any additional reports you require these can be developed by submitting a Feature Request.
- Advice & Support
ProvePrivacy is supported by our partner network of data protection professionals, cyber security experts and consultant DPOs. If you are struggling to determine the best course of action you can complete a help request and we can provide the advice and support you need.
Information Asset Register
The Information Asset Register is linked to the ROPA to show all of the assets which are used as part of your processing activities. It will allow you to understand the risks associated with each asset whist it is in use, and whilst the data is in retention.
Further development on our roadmap will enable further detail to be captured to support business continuity and service availability.
- Data Retention
A data retention schedule is included that allows your data champions to select the document type which, in turn will automatically assign the relevant retention period.
- Business Continuity
The Information Asset Register will allow for all assets to be understood and if deemed critical, the business continuity characteristics can be recorded to help you define your approach.
Testimonials
What our clients say
Data, Data, Data. Mark is the man. Every time I have a question about data in either a business or IT scenario Mark is my first port of call. If you need help or advice with Data Protection or compliance with data regulation. This is where you go.
David Gemmell
Programme Manager
ProvePrivacy is an easy to use system and I think the work you’ve done by implementing the data retention schedule a great advantage point for the Higher Education sector.
Anglia Ruskin University
David Humphreys - Information Governance Manager
ProvePrivacy is a very intuitive and user-friendly tool, which will be really helpful for fundraisers who might have limited data protection experience or be engaging with information governance for the first time. The fact that it was so thorough seemed like it could be really beneficial in terms of ensuring all data protection information about a given product or activity is held in one place.
International Aid Charity
Just completed the GDPR Foundation Course , which gave me a big uplift in knowledge on the new standard. The course was thorough and delivered very professionally but they key benefit for me was Mark’s ability to bring the material to life by providing and discussing examples. I would definitely recommend this training.
John Pikett
Managing Partner
I’ve just completed GDPR Foundation training and thoroughly recommend it. I went in with a good working knowledge of the Data Protection Act, but not much real knowledge of how if differs to new legislation such as GDPR. By the end of the session I felt I had a really good understanding of the key aspects of GDPR, and what it will mean in practice – invaluable – and what made it even better was that I also passed the exam at the end !
David Grant
Executive Director
Having worked with the principal director Mark, I can say that it is good to see that a courteous, professional and client dedicated experience with the end client goals always in the sights for delivery, being offered within the UK market. Having used their consulting services on a number of fronts and most recently for some training for my business on GDPR I can thoroughly recommend this team.
Casey Thomas
IT Director
I attended the GDPR Foundation Course and prior to attending the course the team took the time to discuss the course content and who it was aimed at. The course itself was run at a good speed in a small manageable group which allowed the group more of the tutor’s time allowing us all and go over anything we were unsure of. The pace of the course was good with open discussion on each of the modules. The theory was brought to life with real examples where you could use it in the workplace.
Shakil S
Operations Manger, KPMG
I attended one of the Foundation courses and would recommend it to anyone wanting to learn more about the organisational impact of GDPR. Mark is a very engaging presenter with an extensive knowledge of the regulation and is able to summarise effectively the practical implications of the regulation on businesses of all sizes.
Matthew Page
Senior Product Owner, Jaguar Land Rover
I wholeheartedly recommend Mark’s services around GDPR consultancy and training. He understands the regulations, how they impact companies and how firms can succeed on the journey to compliance and beyond. Moreover, given his programme management and compliance background, Mark is ideally placed to accompany organisations on that route.