
What is Data Compliance?

If your organisation holds or processes personal data, then you need to think about the compliance and security of that data. Cybercrime is on the increase and all organisations are vulnerable.

Data Compliance is a governance framework that structures the laws, regulations, and standards that keep the personal data of individuals safe. When organisations hold or process personal information, they need to ensure that these laws, regulations, and standards are adhered to.

So, having the correct processes, policies, security, and infrastructure in place is essential. Datahub can support you on this. Datahub Consulting has a dedicated team of compliance experts.

Why is Data Compliance Important?

Data protection laws are in place to govern data controllers and data processors, to make sure the data of data subjects is used for the correct purpose, accurately, fairly, and in a lawful way. In today’s world it’s important for businesses to use data to provide the services that customers demand, but to do this in a secure and diligent way that prevents cyber security breaches.

No matter which data compliance law applies, it’s important as a business to be compliant, and to make sure that compliance is embedded in the business processes. This is called data protection by design.

Why is Datahub Different?

As we are data compliance specialists in multiple data protection laws, we can advise on which laws you will need to comply with. For some global organisations that offer services to data subjects in different regions, multiple laws can apply. Please see below for the data protection laws that we specialise in.

Datahub Consulting are experts in 3 areas, all related to supporting clients with data compliance. Fundamentally our background is data and technology, with qualified data engineers. Our data engineers have a technical IT background and can provide technical compliance advice on topics such as encryption, data security, server and PC access control, firewall settings etc.

Couple this technical compliance approach with our dedicated compliance legal support, and we can provide end-to-end compliance solutions for our clients. This is the reason we are the chosen data protection partner for a number of global airlines.

Legal Compliance

All our compliance team are GDPR practitioners.

We are the Data Protection Officer for global organisations in Aviation, Retail, and Logistics.

We can provide legal reviews for compliance agreements with data processors, sub processors and third parties.

Technology

With our team of data engineers, we can work with internal technical teams to make recommendations on subjects like Backup & Data Destruction Strategies, Anonymisation, Encryption, Data Security, Cyber Security, etc.

We can implement bespoke GDPR monitoring reports & dashboards.

Data

Datahub have a background in data solutions. We understand how data is used in databases, cloud & applications to give the client an informed recommendation to adhere to and comply with data protection laws.

Datahub have a deep understanding of Data Security, Secure Data Transfer Methods, and IT Systems.

How to Ensure Data Compliance

Datahub can advise on this in more detail in an initial conversation as this is a large topic. We would be able to advise based on your industry, geographic locations, and size of business.

For any organisation that has not considered data compliance before, Datahub have a framework that we use to assess, implement, and test for compliance. It is the responsibility of the organisation to prove compliance. With Datahub’s compliance framework, that can be demonstrated through process logs and audit documents.

For any organisation that is not sure whether it meets data compliance requirements, Datahub can undertake an initial audit to identify levels of compliance and the areas that would need addressing. For these areas, the audit report would propose remedial actions that can be used in a compliance action plan.

EU Representation

GDPR Article 27 – Representatives of controllers or processors not established in the Union.

In short, companies need an EU representative if, as a controller or processor, they either offer goods or services to, or monitor the behaviour of, data subjects in the Union, and are not established in the EU.

The EU representative acts as an additional contact person for supervisory authorities and data subjects within the EU. In this instance the representative acts on behalf of the controller.

Datahub have offices in both the UK and the EU. For this reason, Datahub can act as your representative to comply with UK or EU data protection laws.

Data Protection Laws That Datahub Specialise in

In 2018 the EU GDPR was a game changer in data protection law. GDPR was the first law to provide data protection for modern use of personal data. For example, mobile technology use, video recordings, facial recognition, fingerprinting etc.

Countries have been monitoring the global acceptance of GDPR. These countries currently have, or are in the process of introducing, similar laws.

Datahub are experts in the various data protection laws across Europe, the Gulf region, Africa, and Canada.

Europe

  • General Data Protection Regulation (2016/679, EU GDPR)
  • UK Data Protection Act 2018 (UK GDPR)
  • Swiss Federal Act on Data Protection (nFADP)

Gulf Region

  • UAE Data Protection Law (Federal Decree-Law No. 45 of 2021)
  • KSA Data Protection Law (Royal Decree M/19)
  • Oman Data Protection Law (Royal Decree No. 6/2022)

U.S. / Canada

  • EU-US Data Privacy Framework
  • Canadian Data Protection (Quebec Privacy Law 25)
  • Canadian Federal Data Privacy Law, Personal Information Protection and Electronics Act (PIPEDA)

African Region

  • Kenya Data Protection Law (2019)

How Can Datahub Support You?

Datahub can support and help your organisation with:

  • Dedicated compliance expert that will understand your business
  • Risk Analysis
  • Audits
  • Creating or reviewing compliance documents
  • Training
  • Data Protection Officer as a Service
  • Data Compliance Legal Services
  • EU and UK representation for Non-EU based organisations
  • Provide expert advice

Document Creation / Review

Yearly document reviews are essential to maintaining compliance. Using Datahub, documents will be reviewed by data engineers and legal experts.

Auditing

Datahub can undertake a detailed independent audit. An audit report will be produced, with remedial actions where necessary.

Risk Analysis

Data Compliance is based around risks to the data of the data subjects. Datahub can support with gaps, risks, and impact assessments to help your organisation manage and mitigate the risks.

Data Protection Officer Services

Having DPO Services through Datahub is a cost-effective way to have DPO support. Some data protection laws require organisations to register a DPO.

Training

Training of staff and the leadership team is key to maintaining compliance. We travel globally to clients’ offices to conduct training. We can provide a video library of training specific to your organisation.

Record of Processing Activity (ROPA)

Maintaining a Record of Processing is required by many of the laws that we specialise in. Datahub can support with creating, maintaining, and advising on the ROPA.

Dedicated Data Protection Expert

With Datahub you will get a dedicated Data Protection Expert. All of our compliance experts are certified and have years of experience working with global clients.

Data Protection Legal Services

Legal Services to review documents and to advise on legislation.

Data Mapping

Mapping the flow of personal data is essential for data compliance, so that organisations understand and can prove data processing.

Frequently Asked Questions

The EU General Data Protection Regulation (EU) 2016/679 of the European Parliament became law in 2018. At the time, the UK was one of 28 EU countries that implemented the law as the data protection regulation for their country.

With Brexit the UK separated from the EU and was therefore responsible for implementing its own data protection law. The UK implemented the “Data Protection Act 2018 (DPA 2018)”, which is similar in context to the EU GDPR. The UK has tight data protection laws, the same as the EU. In doing so the EU adequacy decisions apply.

From July 2023 the EU Commission provided an adequacy decision to the U.S. based on the Executive Order (EO) 14086 issued by President Biden. As part of this decision there has been a framework put in place by the U.S. Department of Commerce to support cross-border transfers. This framework will allow U.S. based companies to facilitate cross-border transfers in compliance with EU law. For this to work the company will need to self-certify participation in the EU – US Data Privacy Framework. Datahub Consulting can work with any U.S. company to provide advice and support with participation in the framework. We can also advise any EU, UK, or Swiss company that has a data processor in the U.S. and wants to transfer data containing personal information to the U.S.

The U.S. Department of Commerce website states:
To participate, companies must self-certify and publicly commit to comply with the EU-U.S. DPF Principles, which are enforceable under U.S. law.
https://www.commerce.gov/news/press-releases/2023/07/data-privacy-framework-program-launches-new-website-enabling-us

The answer to this is No. Any business that processes the data of data subjects is required to provide the necessary safeguards to protect the personal data. Data subjects are not only customers, but also employees. If you employ staff, your HR team will hold personal information of those employees, like name, date of birth, National Insurance number, visa details (if applicable), bank account details etc. All of these are considered personal information.

Please note that in the UK, if you process personal information the business needs to register and pay a fee to the UK supervisory authority, the ICO (Information Commissioner’s Office). Please use the ICO Fee Checker to understand the tier band and the fee that would be applicable to your business.

This will vary from one company to another. Initially with any data protection implementation there will be a gap analysis where Datahub will assess the gaps and what will need to be achieved for compliance.

From the gap analysis, if you want Datahub to support on any remedial actions, we can advise on the estimated duration and cost. Initially the only commitment is the cost of the gap analysis; from there we will discuss the next steps.

As a high-level estimate, from our experience, for a small organisation the implementation could take approx. 3 weeks. For large enterprise organisations this could take up to 4 months.

As mentioned above, this will be dependent on the work involved and will vary from company to company. The only initial commitment is for Datahub to complete a gap analysis. From this analysis we will provide a report with recommendations. At this point we can identify the cost involved.

No. At the current time there is no external assessment for certification of GDPR compliance. Organisations are required to be compliant if they process personal information of data subjects. It’s up to the organisation to be able to prove compliance with the EU GDPR or the UK Data Protection Act (2018). When Datahub leads a data protection implementation, we will provide organisations with the gap analysis report, action plan, and audit report. Together with procedures, policies, and log files, compliance would be easily demonstrated.

EU GDPR, UK Data Protection Act 2018, and several Middle Eastern data protection laws state that not all organisations require a data protection officer.

EU GDPR Article 37 states that a controller or processor is required to designate a data protection officer when:

  • the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;
  • the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or
  • the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 or personal data relating to criminal convictions and offences referred to in Article 10.

If the above does not apply, then the organisation can choose whether to designate a data protection officer. In this case Datahub provide 6 data protection officer service plans that can support any organisation. These vary in services and cost but will provide all organisations with the assurance that they have an independent expert to advise.

For global organisations we would recommend a data protection officer with knowledge of the required laws. Datahub work with airlines that need to be compliant with multiple data protection laws and we have the experts that specialise in global data protection.

Find out more about our Data Protection Officer services.

For global organisations there could be multiple data protection laws to comply with. This initially sounds overwhelming, but this can easily be achieved.

The EU GDPR was one of the first laws to provide data protection for modern use of personal data. For example, mobile technology use, video recordings, AI and technology like facial recognition, fingerprinting etc. Countries monitored the global acceptance of GDPR, and now other countries are introducing similar laws. The U.S. has multiple laws, which can be state governed. There are new laws implemented in the Middle East region, such as in Oman, UAE, Saudi Arabia etc.

Datahub are experts in many data protection laws and travel the world advising organisations. We would be able to create an implementation plan to comply with the applicable laws based on your office locations, the geographic regions of your data subjects, and any cross-border transfers that you may need to do.

Find out how we can help

We have a team of experts that can help you with Data Protection, Data Protection Officer services, or Cybersecurity. Please contact us to arrange an initial conversation.
