TwoBlackLabs specialise in privacy and security risk disciplines, providing a range of services to both commercial and government organisations.
In a complex digital world, organisational boundaries no longer exist and therefore a ‘check box’ compliance approach to privacy and security is no longer sufficient. That is why we adopt a pragmatic, risk based approach, leveraging best practice privacy and security principles alongside our experience, all aligned to your business requirements to ensure solutions are practical, effective and relevant to you.
Our services are categorised into four areas:
Information Privacy
Information Sharing
General Data Protection Regulation (GDPR)
Information Security
Information Privacy Services
Information Privacy is becoming more and more critical to organisations; gone are the days when it is bolted on as an afterthought or ignored altogether. Good privacy practice is more than a compliance or regulatory discipline: organisations are integrating core ‘privacy by design’ considerations into their project management and risk management methodologies and policies. Privacy by design is an approach to projects that promotes privacy and data protection compliance from the start. Taking a privacy by design approach minimises privacy risks and builds trust. Designing projects, processes, products or systems with privacy in mind at the outset can lead to benefits, which include:
Potential problems are identified at an early stage, when addressing them will often be simpler and less costly
Increased awareness of privacy and data protection across an organisation
Organisations are more likely to meet their legal obligations
Actions are less likely to be privacy-intrusive or to have a negative impact on individuals.
At TwoBlackLabs, we recognise the need for practical privacy solutions that cover the entire lifecycle and meet your individual business needs. Our Privacy services leverage privacy by design principles, translating the myriad of privacy regulations and requirements into deliverable, pragmatic, business-relevant strategies and policies. Our Privacy Services include:
Creation of Programme Privacy Impact Assessments (PPIAs)
Creation of Project Privacy Impact Assessments (PIAs)
Provision of privacy advice for programmes and projects
Privacy risk assessments
Privacy control reviews and audits
Privacy maturity level reviews
Completion of Privacy Maturity Assessment Framework (PMAF) returns
Development and review of privacy strategies and policies
Management of privacy breaches
Development of privacy statements
Development and assessment of privacy requirements for RFPs.
Information Sharing Services
Designed for organisations that have specific information sharing requirements and compliance obligations, TwoBlackLabs offers a range of information sharing services including:
Identification of current information sharing arrangements
Approved Information Sharing Agreements (AISAs) and Information Matching Agreements (IMAs) development and maintenance
Development of information sharing strategies.
General Data Protection Regulation (GDPR) Services
The General Data Protection Regulation (GDPR) is legislation that updates and unifies data privacy laws across the European Union. The General Data Protection Regulation is set to affect many, and not just those in the EU.
New Zealand organisations therefore need to assess their obligations to be GDPR compliant. Although organisations located outside the European Union might not give a second thought to EU regulations, the GDPR will affect nearly every organisation that does business online, regardless of its geographic location.
TwoBlackLabs provides a range of GDPR-specific services to help you assess whether your organisation is subject to the GDPR, your readiness for it and your compliance with it. Services include:
Data protection impact assessments
GDPR readiness reviews
GDPR advice and guidance
GDPR training
Serving as the point of contact for Supervisory Authorities
Documentation and maintenance of information flows and processing activity records
Customer interfacing, to inform customers how their data is being used and to address any questions and requests
Privacy risk assessments
Privacy control reviews and audits
Development and review of privacy strategies and policies
Management of privacy breaches
Development of privacy statements
Auditing of processing partners
Development and assessment of GDPR requirements for RFPs.
Virtual Data Protection Officer (vDPO)
The GDPR necessitates a Data Protection Officer (DPO) for certain kinds of organisations, and many others are proactively choosing to appoint one. The role is important for oversight, governance and enforcing the regulations of the GDPR, and the DPO is also responsible for the organisation’s general data protection strategy. The responsibilities of a DPO typically include:
Training management and staff (including possible outsourced data entry staff) on data protection regulation requirements.
Assessing adherence to compliance requirements and addressing infractions.
Serving as a contact to GDPR supervisors.
Tracking performance and advising on likely results of data protection measures.
Maintaining records of data processing activities, protection efforts and the reasons why they were implemented, in case of public request.
Informing data subjects about how their data is being used, protection measures safeguarding their data and their ‘right to be forgotten’.
It can be difficult and costly to maintain a DPO with adequate skills and time to undertake the role. TwoBlackLabs can provide highly trained, International Association of Privacy Professionals (IAPP) certified professionals to work with your organisation and take care of the DPO duties in a way that meets your budget and expectations.
Information Security Services
The business environment is constantly changing, and new threats and vulnerabilities emerge every day. Organisations need to identify vulnerabilities and threats to their information resources and decide what countermeasures, if any, to take to reduce the risk to an acceptable level, based on the value of the information resource to the organisation. Risk management is, of course, an ongoing, iterative process and must be repeated indefinitely.
Information Security is the practice of preventing unauthorised access, use, disclosure, disruption, modification, inspection, recording or destruction of an organisation’s information resources. It is a general term that applies regardless of the form the data may take. Information security can also be viewed as the balanced protection of the Confidentiality, Integrity and Availability of data, while maintaining a focus on efficient policy implementation without major hampering of organisational productivity.
TwoBlackLabs provides a range of Information Security services that allow you to assess or review the risks associated with your information resources and make informed decisions. Services include:
Provision of security advice for programmes and projects
Security risk assessments
Security control reviews and audits (e.g. NZISM)
Security maturity level reviews
Protective Security Requirements (PSR) returns
Development of security strategies and policies
Management of security breaches
Development and assessment of security requirements for RFPs
Development of certification and accreditation (C&A) frameworks
Completion of certification and accreditation (C&A) for products and services.