Outsourced Data Protection Support
Data Protection & Compliance Support
CSH Consulting provides outsourced Data Protection, GDPR & Compliance services to organisations who need additional support to manage Subject Access Requests, GDPR audits and Policy writing and review.
We have extensive experience within the Education sector including Multi Academy Trusts, Independent Schools, Local Authority Schools, Colleges and SME's across most business types.
With the increase in vexatious and Artificial Intelligence driven SARS’s, what used to be a fairly straightforward internal process, has become an overwhelming, resource heavy headache, taking skilled staff away from core roles.
We can take that headache away, manage the entire SAR process within agreed deadlines and provide independent and experienced support exactly when you need it.
The vast majority of our work comes from client referrals, so we must be doing something right. If you are unsure about trusting an outsourced provider with critical and time sensitive tasks please feel free to reach out and we will put you in touch with our most recent clients who will share their experience with you.
Our support is factual, straightforward and always based on the actual requirements at the time.
Data Protection and Compliance are always on the Board agenda, in some cases that is exactly where they stay! That is until an urgent issue arises, a personal data breach, a subject access request, a GDPR audit or when the organisation is pitching for a new contract and the due diligence questionnaire focuses heavily on the Data Protection and Cyber Security protections within the organisation.
We are here to help with these last minute urgent requirements and the long term planning of regulatory compliance across the organisation. We have never had a client who has been disappointed with our services or the size of the invoice at the end of the project.
We believe we have a unique approach to the provision of outsourced Data Protection & Compliance services, not only because we have an enormous depth of knowledge in this sector, but because we truly understand that each organisation has different requirements, budgets, stakeholders and challenges.
We are interested in the successful outcome of the service provided, delivered in time, in budget and within the regulatory requirements and standards.
If you have a query or would like to know more, please get in touch and we can talk things through without obligation.
COMMON SUPPORT SERVICES
Personal Data Breach
Personal Data Breaches will always happen, especially within education when you are processing the personal and sensitive (special category) data of students.
It is how you deal with them that matters. We provide advice and guidance, damage assessment, reporting and investigation services, right when you need it.
Subject Access Request (SAR)
Subject access requests can be overwhelming. What do you release, when is it not in the best interest of the requestor to release certain information, what forms of ID do you need to collect from the requestor? Is it contentious, is it vexatious, does it form part of an ongoing investigation?
We can help unravel and deal with all of the above and provide real time training on how to manage SAR's for your data teams.
GDPR Training
Yes, you need to do this, and you should make it interesting and relevant to your audience. It has to mean something to the individual and their day to day role.
GDPR and Data Protection training is a core part of our offering, and strangely one we very much enjoy!
Data Protection Impact Assessment (DPIA)
The DPIA is an important document that your DPO either writes or signs off based on the risk factors identified when you intend to share personal data with third parties (for example: the school or company MIS, Safeguarding platform, HR platforms, partner organisations and contractors.
They are living documents that contain key information about what data you are sharing, how you are sharing it with and why.
If you are unsure about the robustness of your current DPIA's or are considering purchasing a new data sharing platform, let us know and we can help make them relevant and compliant.
Once you have the DPIA template and the understanding of how they assist with training and understanding across all departments, you can confidently write them in-house with minimal extra support.
GDPR Compliance Audit
One of the key questions asked by organisations, their stakeholders and Governors is "are we compliant?" and "how do we know if we are doing it right?".
Those are the questions that we can answer with our GDPR Compliance Audit. The audit is a deep dive into all areas of compliance that your organisation should be either working on or have in place. The audit will provide a detailed RAG rated report highlighting the areas you are doing well, those areas which may need more work, and those areas that you might need support with.
This is not a self-service audit, we can conduct this audit on-site or remotely, walking you through every section of the audit, evidencing current processes, procedures and documentation, followed by recommendations and presentations to senior leaders if required. Don’t hesitate to contact us if you would like to know more.
Retention & Destruction of Data
Organisations create, store, and process huge amounts of personal and sometimes sensitive (special category) data over many years, and in many cases will “keep it just in case you might need it”.
This results in several issues from storage space for both hard copy and electronic data to not adhering to your retention and destruction schedule against set retention periods.
How many times has the stock cupboard become an accidental storage room for all those hard copy files that no-one is quite sure what to do with.
We can provide you with the skills and understanding to confidently apply the retention schedule and complete the appropriate paperwork, or we can do the job for you.
If you are considering what to do with the vast amount of data that you hold, get in touch and we can talk through the best options.


