A fast-track privacy audit for your business

Independent, actionable insights for Brexit and beyond

Understand immediate Schrems II impact

Baseline your current privacy programme

Gain a holistic view of global data and privacy risks 

Understand overlapping regulatory requirements 

Agree a foundational roadmap for remediation

Our partners in privacy

Prioritise trust as you scale your business

Far too often data and privacy strategies can fall behind the rapid pace of business change. HewardMills is uniquely placed to help you prioritise data and privacy excellence as you scale your business internationally. 

The DPO set-up report by HewardMills gave us an in-depth understanding of our privacy requirements, delivering a pragmatic and commercial understanding of our business

iManage

A privacy partnership that transcends compliance

Our multidisciplinary team immerses itself in your business to deliver a holistic maturity audit and clear roadmap for action across your global legal, governance and talent operations.

We partner with your leads across four weeks, each starting and ending with a Zoom workshop to guide the discovery process and support stakeholders.

Schedule a call with a local expert

Four-week fast-track audit

Independent assessment

£12K fixed-price engagement

Dedicated team of experts

“The data protection office’s input into DPIAs has been a critical part of the success of our Privacy by Design programme. We felt that we definitely made the right choice with HewardMills.”

SYMANTEC

How the audit works

1 hour on-boarding call to discuss baseline maturity, immediate needs as well as ways of working and secure information sharing.

Four individual weekly modules. Progress reviewed via one hour Zoom workshops at the start and end of each.

HewardMills Audit Report: a board level roadmap for remediation and data and privacy excellence.

Here’s what we’ll cover in our onboarding call:

1. Our module based fast-track approach 
2. What we need from your organisation 
3. Who we need from your organisation 
4. How we collaborate together 
5. How we get started

Frequently asked questions

Call our data professionals: +44 (0) 20 3998 1840


HewardMills Ltd. registered in England:
Registered address: 77 Farringdon Road London EC1M 3JU
Company Number: 11211970
© Copyright 2012 - 2020

WEEK 1: CORPORATE GOVERNANCE

An independent review of your organisational capabilities:
  • Escalate data protection risks and issues within your organisation
  • Identify organisational changes required to mitigate risks
  • Establish a stakeholder-based roadmap for a mature culture of privacy

WEEK 2: PRIVACY OPERATIONS

Create an implementation plan to operationalise privacy excellence:
  • Establish the role of data champions
  • Enshrine DPIA commitments
  • Document processor and controller activities for GDPR compliance
  • Establish clear accountability and reporting for data breaches and incidents

WEEK 3: POLICIES AND PROCEDURES

Review policies and procedures to deliver best practices:
  • Ensure policies are compliant with the relevant regulatory authorities
  • Establish privacy as part of internal corporate culture

WEEK 4: TRAINING

Enable internal stakeholders to raise overall level of awareness:
  • Ensure data protection training is available across the organisation
  • Deploy more specialised training where required (DPIA, PbD)
  • Monitor employee training, including inductions for new joiners and refresher courses

How is your audit assessment carried out?

We gather information using a bespoke onboarding questionnaire for each module. If additional meetings are required to elicit more detailed information, our team organises them to supplement our understanding of the questionnaire responses.

Do I need to submit materials/documents in addition to the questionnaire?

Yes. The more information supplied at this stage, the better our understanding of your organisation and the maturity of your Privacy Programme. Typical examples of documents are: policies relating to data protection, org charts, and terms of reference for any committees with responsibilities around data protection.

Are my company materials/documents securely stored?

Yes, HM uses SharePoint as its secure platform. Each client who shares documents with us has the option of using a secure portal that is created specifically for them on our platform.

Which stakeholders need to be involved?

This depends on the maturity of your Privacy Programme. Where organisations are less versed in data protection, we would engage with General Counsel, heads of business functions such as IT, HR, Finance and Marketing, Senior Management, and the Board to establish a Privacy Office to support data protection in your organisation. Where there is a more mature programme, we would interface with the Privacy Office and, where requested, aid other business areas in decision making and reviews of DPIAs, embedding Privacy by Design into your organisation's culture.

Does the audit distinguish between best practice and compliance actions?

Yes, we differentiate audit findings into high, medium and low priority categories. Any findings showing non-compliance with the DPA will be placed into the high category, in addition to any high-risk items that we advise should be remediated within a 6-month window. Findings informed by data protection best practice standards are classified as medium or low priorities.
