Privacy Management, Compliance and Information Security Management

 

As a current  CCPCIPM and CIPP/E and ex CLAS consultant I have been dealing with compliance as well as technical security and information assurance for some 20 years.

As I have privacy management as well as Information Security experience I present both aspects of Information Assurance (ie Ethical Hack Testing, Risk assessment remediation  architecture with Privacy management together on this site

 

Privacy Management

Data Protection Officer and Privacy Consultancy

 I have experience and qualifications in assessing the legal requirements for personal data protection, in privacy program management and the jurisdictional requirements for cross border personal data flow.

 In simple terms this is what privacy management provides:-

1) An assurance of compliance against privacy litigation

 2) Correct  management of personal information

 3) Strategies for the management of privacy processes to reduce the reputational damage from a breach

 4) Strategies for the management of and damage limitation from a breach in the unfortunate circumstances of it actually happening ..

 I can do this in two ways

 1) be your Data Protection Officer

 2) be your Privacy Manager

 In 2017-2018 I worked with the Cabinet Office Government Digital Service (GDS) privacy manager to ensure that all my projects were GDPR compliant 

 I have studied with the International Association of Privacy Professionals and hold their Certified Information Privacy Professional/ Europe (CIPP/E) and the Certified Information Privacy Manager (CIPM) certifications verifiable from this page

 I am expert in European and British privacy law having been examined on this body of knowledge and in privacy program management on this body of knowledge

 I am also expert in Privacy Engineering, a super-set of the Information Security controls with which I have worked for some 20 years and hold the NCSC CCP, and ISC2 CISSP and  CCSP  certifications.

 

Information Assurance Management

 HMG Information Assurance : CESG/Cyber Certified Professional CCP NCSC Certification

 I have had the pleasure of having my skills and experience in Information Security of the last 20 years endorsed by the National Cyber Security Centre through an assessment of examples of my work over the last 8 years with the award of Certified Cyber Professional (CESG Certified Professional) as at 31st August 2020.

 Here is a link to a full CV summarizing 27 years in Information Security,

 These are the areas in which I work and have been certified  :-

A1 - Information Security Governance

A2 - Policy & Standards 

A3 - Information Security Strategy

A4 - Innovation & Business Improvement

A5 - Information Security Awareness and Training

A6 - Legal & Regulatory Environment

A7 - Third Party Management

B1 - Risk Assessment

B2 - Risk Management

C1 - Security Architecture

C2 - Secure Development

D1 - Information Assurance Methodologies

D2 - Security Testing

E1 - Secure Operations Management

E2 - Secure Operations & Service Delivery

E3 - Vulnerability Assessment

F1- Incident Management

F2 - Investigation

F3 - Forensics

G1- Audit & Review

H1&2 – Business Continuity Management

I1 - Research

 

 


Data Protection Officer and Privacy Consultancy

 I have experience and qualifications in assessing the legal requirements for personal data protection, in privacy program management and the jurisdictional requirements for cross border personal data flow. 

In simple terms this is what privacy management provides:-

1) An assurance of compliance against privacy litigation

2) Correct  management of personal information

3) Strategies for the management of privacy processes to reduce the reputational damage from a breach

4) Strategies for the management of and damage limitation from a breach in the unfortunate circumstances of it actually happening ..

I can do this in two ways

1) be your Data Protection Officer

2) be your Privacy Manager

In 2017-2018 I worked with the Cabinet Office Government Digital Service (GDS) privacy manager to ensure that all my projects were GDPR compliant  

I investigated cross border transfer aspects of the procurement of Online Tools (Art.44-50).

Assisted with records made of the legal basis of processing and storage of data for various projects (Art.30)

Investigated the legal bases of processing vs data subject rights (Art.12-23).

Designed privacy policies for various projects including for the GOV.UK platforms (Art.25)

Undertook multiple Data Protection Impact Assessment (DPIAs)(Art.35) for GOV.UK platforms.

Undertook Privacy Impact Assessments (PIA) (Art.36) together with Data and System design (Art.32)

Assisted the Cabinet Office Data Protection Officer (DPO) in the delivery of his responsibilities (Art 37-39)

I have studied with the International Association of Privacy Professionals and hold their Certified Information Privacy Professional/ Europe (CIPP/E) and the Certified Information Privacy Manager (CIPM) certifications verifiable from this page 

I am expert in European and British privacy law having been examined on this body of knowledge and in privacy program management on this body of knowledge 

I am also expert in Privacy Engineering, a super-set of the Information Security controls with which I have worked for some 20 years and hold the NCSC CCP, and ISC2 CISSP and  CCSP  certifications.