Many UK companies that hold sensitive personal data fail to do this, and they risk ICO fines, civil litigation, suspension of business, and invalidation of their entity insurance, professional indemnity insurance and public liability insurance.
We provide a GDPR inspection and vetting service for UK companies so that companies and individuals can check that their suppliers and data processors ARE GDPR compliant and do not pose a data breach risk.
Article 28 of the General Data Protection Requirement Act of 2018 makes this mandatory for all UK companies, especially companies who are contracted to the NHS, like doctors, dental practices and independent pharmacies, as they hold highly sensitive personal data and are viewed as “public authorities”.
Failure to adequately vet companies that you do business with and ensure that they are GDPR compliant can result in ICO fines and prosecution.
This can also result in civil litigation from clients whose data has been lost or not stored securely, and in the case of Public Authorities like doctors, dental practices and independent pharmacies, suspension of their practices by the NHS and the ICO.
This will also affect the entity insurance, professional indemnity insurance and public liability insurance required by UK law for doctors, dental practices and independent pharmacies.
Failure to comply with GDPR regulations is viewed as a breach of contract and insurers like Beazley pharmacy insurance, The National Pharmacy Association, The Pharmacy Insurance Agency, the DDU Insurance and the BDA Insurance and many more now routinely ask if a company is GDPR compliant.
If a company says it is GDPR compliant but in reality it is not, and it then has a data breach or is issued a DSAR, the insurance companies will deny cover in the case of a claim.
To avoid all of this we will vet the companies and suppliers you do business with and check whether they are GDPR compliant; if not, we can direct them so that they can become GDPR compliant, and then provide you with proof that they are, such as ISO/IEC 27001 certification or a Data Protection Officer (DPO) endorsement confirmation.
We review their privacy policies, data protection policies, and breach response procedures.
We identify exactly what data is being shared, where it will be stored, and who will have access to it.
We ensure that they have a legally binding contract (Data Processing Agreement) in place that explicitly covers the requirements of Article 28 of the UK GDPR.
GDPR compliance is not a "one-off" task. You have a duty to continue checking a processor’s compliance throughout the duration of the contract.
Perform periodic reviews of their security practices and data handling policies.
If the supplier uses other, lower-level suppliers (sub-processors), you must ensure the same level of data protection is imposed on them.
Check if data is being transferred outside the UK/EEA and ensure appropriate safeguards (e.g., Standard Contractual Clauses) are in place.
Categorize suppliers correctly: suppliers handling sensitive data, large volumes of data, or having system access require more in-depth, frequent audits.
Simple, one-off, or non-data-sensitive contracts may require less intense vetting.
Under the GDPR principle of accountability, you must maintain records of your supplier assessments, the contracts, and any audits conducted to prove you have taken proactive steps to ensure compliance.
We perform research on behalf of companies and individuals to ensure that they comply with the UK General Data Protection Act of 2018 by checking that their suppliers and business contacts are GDPR compliant.
We check that their Independent Data Protection Officers (DPO) are properly registered with the Information Commissioner’s Office (ICO). This is performed by checking the official ICO database of independent Data Protection Officers: https://ico.org.uk/ESDWebPages/Search.
We examine the website of the company to ensure that the correct consent caveats are there, that the correct cookie permissions are installed and that the company’s privacy policy is correct.
We can issue a Data Subject Access Request (DSAR) on behalf of our clients to determine whether the company has the correct paperwork to conform with the GDPR Act of 2018.
Please contact us about your requirements and we can give you a quote for this work.