Why is Datahub’s Data Protection Services Different
DataHub Consulting, Experts in Analytics, Business Intelligence, and Compliance 310 310Read it in 16 minutes
window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-YFZ1F7T6M6');
window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-YFZ1F7T6M6');Read it in 16 minutes
Datahub Consulting have a Risk and Compliance team where we work with clients with their data protection and cyber security. When we start a conversion with a new client one of the questions we usually get asked is, “Why is Datahub’s Data Protection Services Different?”. This is a deep question that we can talk a lot about. In answering this question with clients I provide an answer based on our strengths and success stories. So, in this article I want to explain why Datahub Consulting have a comprehensive and robust risk and compliance offering with a growing list of customers year on year.
From when Datahub Consulting was incorporated we wanted to focus on our strengths and not to sell services that we would not consider ourselves as experts. As data consultants the team had expertise in data compliance and were practitioners in the EU GDPR law.
Even myself as the CEO, I’ve previously worked with large airlines and airports in the UK, and middle east to advise on data protection and cyber security.
Over the years we have built on the knowledge and are now experts in multiple data protection laws providing these services to organisations in UK, Europe, Middle East, Canada and Africa.
Before we get started into Datahub’s Risk & Compliance strengths lets have a recap on why data protection is essential in todays world. Looking at some cybersecurity stats regarding data breaches that involve personal information of data subjects. Someone’s personal information is a high commodity for cybercrime as there is large amount of money to be gained from selling personal information.
From my network of compliance professional we see that compliance companies fall into two categories. They are either a legal based organisation or are from a risk analysis background. Let’s talk about these:
Data protection is based around a legal framework enacted into law by a country or group of countries, like the EU GDPR. For this reason, someone with a legal background is in a good place to advise on the legal text of the data protection articles. The articles are the legal text that make up the directive.
Data protection is based on risk analysis, weighing up the risk to the personal information of the data subject, and implementing controls to mitigate the risk. Data protection is therefor based on risk analysis, controls, and a continual improvement process.
At Datahub we also think that technical expertise is key to being a successful data protection consultancy. Fundamentally, data protection is to safeguard the data of the data subjects. To safeguard the data organisations are required to implement appropriate technical and organisational measures to ensure a level of security for the data. This will involve IT security, IT infrastructure, Cybersecurity etc. Some examples of these are:
Above are some examples of where Datahub Consulting can advise and support IT Security, and Cybersecurity teams to ensure the security of personal information. Also when conducting a data protection audit we wouldn’t rely on the IT department telling us that adequate IT security is in place for a particular process. We would want to know the technical specifics of what is in place and then we would assess as part of the audit if this is adequate.
At the time of writing this article the EU NIS2 directive is being enacted. By October 2024 organisations that operate in the EU regardless of head office location will need to adhere to the NIS 2 framework that will increase the level of IT security measures within the EU.
For more information on NIS 2 directive have a look at the article on our website: What You Need to Know About EU NIS 2 Directive | DataHub Consulting
Datahub Consulting are expertise includes:
For this reason, we can offer data protection experts with knowledge of global data protection laws, coupled with our technical expertise in data engineering and cyber security. Together our client benefit from an all-round compliance service that can also support technical teams like IT support, IT infrastructure, and IT Security.
With the EU GDPR Article 27 (Representatives of controllers or processors not established in the Union), Datahub can provide representation to client who offer goods or services to EU or UK data subjects. With our UK office in London and European office in Madrid we can offer EU / UK representation to any of our clients.
The EU representative acts as an additional contact person for supervisory authorities and data subjects within the EU. Providing the client with compliance to Article 27 of the EU GDPR.
One example where we have helped a client improve their data protection process is with subject access requests.
Challenge
With GDPR an organization has 1 month to action a request from a data subject. The client had a process in place that worked but was very manual intensive and not very efficient. With their request process they would manually check for a new request each day and information was manually entered into an excel log. There was additional security required for the excel log so that only the compliance team could open and change information in the request log.
This process was time consuming and manual error could occur. Also, if the request was not updated straight away lead to inaccurate information.
Solution
Using our technical expertise and the use of data transformation we suggested a solution that would automate the process. The solution did not cost the organization any additional money as the solution utilized applications in their current business like Office 365 licence etc.
Collect of the Request
For the solution we initially worked with the website team to create a secure web page that could collect all the information for the subject access request. There was a secure portal where validation documents could be securely uploaded. All the above request information was stored in a secure database.
Bespoke Application
We then created an application using the Microsoft Power Platform that allowed the compliance team to update the request with comments and statuses etc.
Automated Alerts
We also included automated alerts for the compliance team. These alerts notified the team when a new request had been raised. Also, as there is a 1-month timeframe to action any request, if the request got to the last 7 days and not yet had a completed status, then a alert was automatically sent to the team notifying them that there was less than 7 days to complete the request. This ensured that the requests were all completed as per the timeframe of the data protection law.
Log File
The automation also created a log file associated with the request, so for audit purposes the organization could demonstrate that all requests were action timely and accurately.
Outcome
This made the Subject Access Request process more efficient, reduced manual effort and manual errors. Also ensured accurate logging of requests from an audit perspective. There was a small initial cost involve developing the system but there were no additional running costs from an application or licences perspective.
Taking the small implementation cost into consideration with the reduced manual effort by staff, the ROI (Return on Investment) meant that the client benefited financially within the first year.
Datahub Consulting are experts in a number of data protection laws from around the world. If your organisation processes personal information of data subject in many countries then you may need to comply with multiple data protection laws. Some laws (like GDPR) have extra territorial scope and this may affect the number of laws that your organisation needs to comply with. As experts we can advise on all aspects of data protection accordingly. We have worked with client to deliver successful projects in the data protection. See list below.
Europe
Gulf Region
U.S. / Canada
African Region
For our airline and airport clients we are the only data protection consultancy that specialises in aviation data. We have a team of experts that have a background in working with aviation data. For this reason we set up the aviation Centre of Excellence (CoE).
Our team have supported a number of airlines in the UK, Europe, and Middle East with their data protection journey. We are also the Data Protection Officer for some airlines.
As well as supporting with becoming compliant with data protection, for airlines and airport there are a lot of contractual agreements with other airlines and third parties services. Where personal information is involved there will also be data protection clauses within the contracts. We regularly review these data protection clauses and advise the airline accordingly.
To understand more about our Aviation Centre of Excellence then have a look at our website:
Aviation Center of Excellence | DataHub Consulting
Datahub Consulting offer data protection services as modules. This allows for organisations to select only the services that you require. We understand that no two businesses are the same and for this reason we sell the services in this way. For any data protection law that we specialise in, we offer:
Fundamentally, the role of the Data Protection Officer (DPO) is to be responsible for reviewing and monitor the organisations data privacy, inform and advise the organisation accordingly on any obligations, also be a point of contact for data subjects and supervisory authorities.
With different laws the requirement of a DPO can vary. The EU GDPR (General Data Protection Regulation) and the UK Data Protection Act 2018 does not require all organisations to have a data protection officer. In the GDPR articles it does state when a DPO is mandatory but there are also
If you are a global organisation, or an organisation that transfers personal information across borders then we would also recommend having a data protection office. With increased data protection laws coming into force in many countries having a data protection office is becoming more important.
We realise that all customers are not the same and have different Data Protection Officer requirements.
For this reason, our services and pricing are tiered so that we have a package for all organisations. From Level 2 and above you get a dedicated expert that will work with you, understand your individual needs, and integrate into your organisation.
Different clients have different DPO needs. The different levels of service means that smaller businesses can benefit without having to pay the same amount as a large global business. Also, an organisation may have an internal data protection team that can undertake most of the duties but just need support. For these reasons we have a 6 tier level of service:
Our data protection services at Datahub are built around the client’s business and modular so the client only pays for services required. In summary we offer:
Datahub are experts in global data protection laws and support businesses large and small all over the world. We work with global airlines, airports, retailers, healthcare organisations, and energy providers.
Contact Our Team
If you are interested in knowing more about our data protection or cybersecurity services what are the next steps!
It wouldn’t cost you anything to start a conversation with our CEO who is a data compliance practitioner and subject matter expert in global data protection laws. Our CEO is an expert in data engineering with 15 years consulting experience. He has advised global brands all over the world on data compliance and privacy best practices.
Contact us: Contact us | DataHub Consulting
Datahub Consulting Website: Data Consultancy Services | Datahub Consulting
Datahub Risk & Compliance Services: Risk and Compliance | DataHub Consulting
UK Information Commissioners Office – Guide to Data Security: A guide to data security | ICO
European Parliament NIS2 Directive: The NIS2 Directive (europa.eu)
Cybersecurity and Data Protection: Cybersecurity and Data Protection: a necessary and powerful duo | European Data Protection Supervisor (europa.eu)
We do not employ salespeople; our team are all experienced technical specialists that can talk you through any of our services.
Contact us