Data, Cyber Risk & Compliance

 

Business transformation and risk management

Our multi-disciplinary team members have worked on some of the biggest Data Protection and Cyber Security transformation programmes and risk management projects in the market, including for GDPR compliance, to enable radical new business processes and to help remedy the worst cases of operational failure.

We provide clients with end-to-end, global support in these areas, including:

  • The development of visions and strategies for transformation and risk management programmes, including for the use of novel technologies and in crisis situations.
  • Maturity and current state assessments and diagnostics.
  • Project planning, including governance and reporting structures; target operating models; roadmaps with milestones, deliverables and other KPIs; resource plans and budgets.
  • Project management and programme assurance.
  • The design of risk models and methodologies and the performance of risk assessments.
  • Controls design and implementation.
  • Education, training and awareness.
  • Monitoring and testing.
  • Staff augmentation.
  • Legal advice and opinions, including to identify legal requirements and to assess legal compliance levels.

Cyber security strategy, operations and resilience

Cyber security and operational resilience are conditions for success and safety in the digital world. The size of the benefits that organisations take from increased connectivity with staff, customers and supply chain partners through digital channels is matched only by the size of the cyber security risks that they are exposed to in the ordinary course of business. These risks need to be understood and balanced in order to keep the organisation and its stakeholders safe from harm.

We help clients to understand and respond to cyber security risks in a manner proportionate to the unique circumstances of the organisation and the threats facing them. Our services include:

  • Cyber security vision and strategy development.
  • Transformation support, including project management.
  • Designing and embedding of standards, controls and risk management frameworks.
  • Maturity and operational resilience assessments, including benchmarking.
  • Threat and vulnerability assessments, including vendor risk management.
  • Security awareness training and business culture change.

 

Sustainable compliance

Compliance is an ongoing requirement, not a moment-in-time activity, and organisations have to be able to prove that their compliance programmes are enduring. We help clients to sustain their compliance and to demonstrate that they are doing so, to the requisite level of proof. Our support includes:

  • Advice on legal and regulatory developments, trends and hot topics, to help keep clients' compliance activities focused, up to date and on track.
  • Provision of compliance toolkits, including all of the artefacts that are needed for accountability purposes, such as privacy and security by design frameworks; governance and operating models; risk assessment frameworks; policies, notices and contracts; controls libraries; playbooks and workflows.
  • Diagnostics for the assessment of operational and legal maturity and resilience levels and gap analysis.
  • Training and awareness services, including e-learning platforms and online courses.
  • Independent testing and monitoring of compliance levels, including audit and security penetration testing.
  • PrivacyTech and SecurityTech strategy development, selection and deployment, to boost productivity and reduce legal risk.
  • Staff augmentation, including the provision of data protection officer and EU representative services.
  • Managed Services for compliance, helping clients to sustain their programmes on both an outsourced and co-sourced basis.

 

Rights handling

The scope and reach of the data subject rights have been significantly increased by the GDPR and other legislative developments, as has public awareness of the rights and how to use them. Organisations are experiencing increased volumes of rights requests and in some cases they are being used to support other complaints and legal action. We have extensive experience of dealing with the most complex rights requests, as external advisors on points of law and practice through to the provision of end-to-end managed services. Our support includes:

  • Approach optimisation, to help clients to improve their processes and methodologies for the efficient and quick handling of rights requests, to minimise costs and disruption to their business, while maximising legal compliance levels.
  • Toolkit development, including the provision of materials that can be incorporated into rights handling models, such as workflows; risk matrices; policies; guidance notes; template response letters; and other key correspondence.
  • Staff augmentation, to provide you with surge capacity during busy times and crunch points.
  • Managed Services, where we handle the rights request from receipt, through data collection, triaging and delivery of the required information, or from any stage in the process where you will benefit from outsourcing.
  • PrivacyTech strategy and deployment, to help you to select the right technology partner for data search and retrieval, analytics, workflow management and process automation.

 

Data protection officer and representative services

Many organisations are required by law to appoint a data protection officer and others have elected to do so, while in some cases it is a legal requirement to appoint an EU representative. Our support in these areas includes:

  • Target Operating Model design and advice, to ensure that DPOs and representatives are properly resourced, skilled and tasked as well as situated in the best business location or function to ensure optimised service delivery and legal compliance.
  • Outsourced services, where we can act as your DPO or your representative, to be the impartial check on your organisation's compliance.
  • Toolkit provision, so that the DPO and representative have the right materials at hand to perform their roles.
  • Staff augmentation to give your DPO and representative additional capacity whenever needed.

 

Mergers & acquisitions, vendors and suppliers

Many organisations have acquired or inherited data protection and cyber security risks through their relationships with third parties, including through M&A activity and the building of their supply chains. Often the nature of third party risks is misunderstood, due to inadequate due diligence procedures, putting organisations at operational and legal risk.

Our approach to the assessment and management of third party risks helps clients to improve their operational resilience and to maximise deal value in M&A and investment situations. Our support includes:

  • Advising acquiring organisations, venture capital firms, private equity firms and investors on the risk profiles of target organisations.
  • The development and performance of fit-for-purpose due diligence frameworks for deal situations.
  • The development of supplier and vendor risk management frameworks, including risk scoring and entity segmentation and categorisation; step-by-step procedural requirements; contract formation and re-papering; and post-contractual due diligence.
  • Operational testing of third party resilience, including penetration testing and auditing.
  • Reputation and identity scoring and monitoring.
  • Dark web monitoring.

 

New technologies and complex processing

Success in data protection and cyber security is contingent on understanding and mastering the issues that arise in the technology and data layers of the organisation and through the use of complex data processing techniques. Our support includes:

  • Functionality analysis, to understand the operational and legal benefits and challenges that are involved in the use of new technologies and complex processing techniques, including the performance of risk assessments.
  • Assistance with privacy and security by design for new technologies and complex processing techniques, to maximise operational resilience and legal compliance, including the development of technology and data strategies and the creation of technology reference architectures.
  • Advice on the state of the art, to help clients to make informed decisions on the deployment of new technologies and processing techniques.
  • Product design and market making, to assist technology and data companies with the development of new products and services and roll out.

 
