All organisations which process personal data, irrespective of size of the company will need to comply with data protection laws. However, most organisations do not have access or resources to engage a full time Data Protection Officer. I offer Data Protection Officer service, as an external service, for organisations who may not have resources for an internal DPO.
Data Flows and Data Inventory Management
Data inventory and mapping are foundations for any data protection compliance project and a mandatory requirement under the GDPR. Data inventory can take considerable time and effort to complete. The data flows and inventory management solution I offer includes:
- Identifying data flows throughout the organisation
- Updating any existing data inventories
- Creating custom reports based on the inventories
- Regular reviews of the data inventories
Data Subject Access Requests
My Data Subject Access Requests (DSAR) optimisation offering makes handling of data subject requests easier, faster, and more efficient for your organisation. It includes:
- Bespoke web form for your organisation for data subjects to submit requests
- Assistance in replying to data subject requests
- Advise and guidance on the relevant applicable laws for DSARs.
Data Protection Impact Assessments
Data Protection Impact Assessments (DPIA) are required to be conducted whenever there are certain types of processing of personal data under the Kenya DPA and the GDPR. A lack of DPIA, whenever required, can lead to reprimands and fines from the supervisory authorities. My services includes:
- Set up of tailor made fields for an organisation to make it easier for non-legal departments to conduct a DPIA
- Making it simpler for organisations to conduct a DPIA.
- Advise and assistance on remediation measures identified by the DPIA.
Compliance management
Data protection compliance requires a continuous demonstration of compliance. This means management of a number of areas under the Kenya DPA. My services includes:
- Consent management, where consent is relied upon as legal basis for processing data
- Vendor risk management to ensure risks posed by suppliers and vendors is controlled
- Data Breach management within and outside the organisation in the event of breach.
Whether it is data protection for charities or businesses, I will make the process effective, efficient and simple so you can be assured that you are in compliance of your privacy obligations at all times.
Amit Gadhia
- Advocate of the High Court of Kenya
- Solicitor of the Senior Courts of England and Wales (practicing freelance)
- Certified International Privacy Professional-Europe (CIPP/E)
- OneTrust Fellow of Privacy Technology
- Privacy Engineering Certified
- Corporate Governance Professional (ICSA – UK)
- Certified Company Secretary (Kenya)
- Commissioner for Oaths and Notary Public
