HiveMind
Internal HiveMind Network – GDPR Services
Project Overview
We are seeking GDPR consulting services and would appreciate your expertise in identifying the essential areas we need to address, along with a pricing proposal.
Below is an overview of our business and the general scope of services we are considering:
Business Overview
- Type of Data Collected:
  - We collect and store data on our members, who are effectively one type of customer. For some members who engage commercially, we store additional data.
  - Member data may include personal details as some are sole traders or individuals.
  - We also collect data on clients who commercially engage with us. This data is strictly professional.
- Data Storage and Systems:
  - Data is stored using a mix of external services (e.g., Xero and Hubspot) and an in-house system hosted on AWS servers located in Ireland.
- Jurisdictional Considerations:
  - As our hosting is in Ireland, we may be subject to both UK GDPR and EU GDPR requirements, along with any relevant e-Privacy regulations.
Request for Expert Advice
We would like your guidance on the areas we should prioritize to ensure compliance. Below are some of the topics we’re considering, but we are open to your input on what is essential for our business:
- Article 30 Review
  - Updating records of processing activities to reflect current data flows, systems, and partnerships.
- Policy and Contract Review
  - Review data protection clauses in our policies and contracts.
  - Clarify roles, data locations, and required safeguards in any existing or upcoming Data Processing Agreements (DPAs).
- Data Protection Impact Assessments (DPIA), Transfer Impact Assessments (TIA), and Legitimate Interest Assessments (LIA)
  - Assistance with these assessments to ensure compliance and alignment with Article 30 records and contract reviews.
- Data Breach and Subject Rights Responses
  - Support in preparing streamlined breach and Data Subject Request (DSR) response protocols.
- Ongoing Data Protection Officer (DPO) Support
  - Provide ad-hoc query support and board-level reporting on data protection compliance.
- Training and Awareness
  - Deliver an introductory GDPR presentation for all employees and integrate annual refreshers and onboarding processes.
- Additional Observations
  - We were informed that our current privacy notice may have gaps (e.g., lack of DPO email access, unsubstantiated claims about ‘adequate measures’, and potential PECR non-compliance).
  - The use of Google Tag Manager (GTM) may imply data transfers to the US, requiring clarification on safeguards.
Request for Proposal
Please provide:
- Your professional opinion on which areas are essential for our business to address based on the information provided.
- Pricing for the services you recommend as priorities.
- Details on your approach to delivering these services and expected timelines.
How to Apply
If this opportunity is of interest to you, you are encouraged to apply with a brief on how you would navigate this and your experience in this field. Should you have any questions, queries or concerns – please do not hesitate to contact me at jason.wedlock@hivemindnetwork.com
Brief of Process:
1. Application/CV screening for interview
2. Interview/Chat with CEO
3. Offer/Reject
Skills Tags: AWS, compliance, consulting, contract management, CRM Systems, data, Data Analysis, Data Governance, Data Management, DPA (2018), GDPR, governance, PCI DSS, GDPR, SOX Compliance, Privacy, Protecting/monitoring data assets