Description of the contract
Tai Tarian is seeking to engage the services of a Service Provider to undertake a data protection compliance review against the requirements of the Data Protection Act 2018/UK GDPR and Privacy and Electronic Communications Regulations 2003.
The review will assess the effectiveness of our information processing activities and data protection compliance management arrangements, to identify information-related risks and to define any required action to mitigate the risks. The review will also provide an action plan for Tai Tarian to enhance its data protection and information governance processes as required.
The Service Provider will have a proven record of knowledge and expertise in undertaking data protection compliance reviews.
Tenderers are invited to submit a fee proposal against the specification below.
The review will consider the following:
- Assess the level of compliance with the Data Protection Act 2018/GDPR and PECR 2003;
- Assess the level of compliance with the organisation’s own data protection system/arrangements and data handling practices and identify potential gaps;
- To provide information for the ongoing monitoring and review of the data protection system and of the management of data processing operations;
- To check that sufficient evidence is accumulating of compliance for accountability purposes;
- Reviewing data protection knowledge and awareness.
The anticipated timetable for deliverables of the audit following award is as follows:
- W/C 29th January 2024 meet with Tai Tarian Staff and commence audit
- W/C 26th February 2024 Final Report and Action Plan
Outcome
Production of a report with an action plan, to include the scope detailed above with further details on:
- Privacy Information
- Evidence of accountability
- Lawfulness of processing, in particular consent and legitimate interests
- Identification of processing activities outside of the EEA
- CCTV
- Accountability Framework
- DPIA compliance
- Upholding individual Rights