Incident Management
Delivering an efficient digital platform to manage and handle any data breaches, data subjects rights and information requests directed to your organisation.
Data Breach Management
The data breach management module allows any ProvePrivacy user to raise an incident relating to a suspected data breach. Once raised ProvePrivacy will notify the DPO of the breach and allow them to establish an investigation team.
ProvePrivacy guides the team through the circumstances and the consequences of the incident allowing them to build the supervisor breach report. All incidents are logged so that your organisation can demonstrate both reported breaches and near misses.
- Breach Management
The incident reporting process is simple, with obstacles to logging removed you learn of them faster. Once an incident is logged your lead investigator can manage the breach step by step, including reporting to the supervisory authority or, other interested parties.
- Report Generation
If a breach is reportable, ProvePrivacy will generate the supervisor breach report so that it can be emailed to the relevant regulatory authority. This means that that there is no need to re-enter information already collected by ProvePrivacy.
Data Subject Rights Management
The data subject rights management module allows any ProvePrivacy user to raise an incident relating to a data subjects request including a data subject access request (DSAR), right to be forgotten, and all other data subjects rights.
By building each of the UK exemptions in to ProvePrivacy, your investigators can easily identify if they can be applied to a specific incident, potentially reducing the effort required.
- Data Subjects Rights
The Data Subject Rights module allows you to manage requests from data subjects such as a data subject access request (DSAR) or the ‘right to be forgotten’. As well as managing the process, ProvePrivacy maintains a log of requests so that you can demonstrate compliance.
- Exemptions
There are a large number of complex exemptions available when dealing with data subjects rights, and not all can be applied to all requests. ProvePrivacy only allows the relevant exemptions to be selected and recorded, meaning your investigation teams can focus on responding to relevant parts of the request.
Information Request Management
The Information Request module allows a request for information to be recorded. Typically this would be a request for non-personal information such as a Freedom of Information Request, Environment Information Regulations request or a request from other bodies.
ProvePrivacy informs the appropriate teams that a request has been raised, notifies them of the progress of the request and when further actions are required.
- Incident Reporting
The incident reporting process is simple meaning there are fewer obstacles to logging an incident and that you learn of them faster. Once an incident is logged your lead investigator can manage the breach step by step. Information is collected throughout the process allowing for management information to be produced at a later date.
- Risk Identification
Like all of the ProvePrivacy modules, there is the ability to add associated risks to an incident. This allows the incident and the associated risk to be managed separately.
Testimonials
What our clients say
Data, Data, Data. Mark is the man. Every time I have a question about data in either a business or IT scenario Mark is my first port of call. If you need help or advice with Data Protection or compliance with data regulation. This is where you go.
David Gemmell
Programme Manager
ProvePrivacy is an easy to use system and I think the work you’ve done by implementing the data retention schedule a great advantage point for the Higher Education sector.
Anglia Ruskin University
David Humphreys - Information Governance Manager
ProvePrivacy is a very intuitive and user-friendly tool, which will be really helpful for fundraisers who might have limited data protection experience or be engaging with information governance for the first time. The fact that it was so thorough seemed like it could be really beneficial in terms of ensuring all data protection information about a given product or activity is held in one place.
International Aid Charity
Just completed the GDPR Foundation Course , which gave me a big uplift in knowledge on the new standard. The course was thorough and delivered very professionally but they key benefit for me was Mark’s ability to bring the material to life by providing and discussing examples. I would definitely recommend this training.
John Pikett
Managing Partner
I’ve just completed GDPR Foundation training and thoroughly recommend it. I went in with a good working knowledge of the Data Protection Act, but not much real knowledge of how if differs to new legislation such as GDPR. By the end of the session I felt I had a really good understanding of the key aspects of GDPR, and what it will mean in practice – invaluable – and what made it even better was that I also passed the exam at the end !
David Grant
Executive Director
Having worked with the principal director Mark, I can say that it is good to see that a courteous, professional and client dedicated experience with the end client goals always in the sights for delivery, being offered within the UK market. Having used their consulting services on a number of fronts and most recently for some training for my business on GDPR I can thoroughly recommend this team.
Casey Thomas
IT Director
I attended the GDPR Foundation Course and prior to attending the course the team took the time to discuss the course content and who it was aimed at. The course itself was run at a good speed in a small manageable group which allowed the group more of the tutor’s time allowing us all and go over anything we were unsure of. The pace of the course was good with open discussion on each of the modules. The theory was brought to life with real examples where you could use it in the workplace.
Shakil S
Operations Manger, KPMG
I attended one of the Foundation courses and would recommend it to anyone wanting to learn more about the organisational impact of GDPR. Mark is a very engaging presenter with an extensive knowledge of the regulation and is able to summarise effectively the practical implications of the regulation on businesses of all sizes.
Matthew Page
Senior Product Owner, Jaguar Land Rover
I wholeheartedly recommend Mark’s services around GDPR consultancy and training. He understands the regulations, how they impact companies and how firms can succeed on the journey to compliance and beyond. Moreover, given his programme management and compliance background, Mark is ideally placed to accompany organisations on that route.
