Medical and Healthcare

Lets talk about Healthcare

Medical and Healthcare

The healthcare sector is a mandatory registrant as a Data Handler. Healthcare sector
demands that a lot of extra precautions are taken when processing sensitive patient data.
We offer you a range of data protection services that will help ensure your organization takes
the best care of patients’ data.
We provide:

  • Outsourced Data Protection Officer services

  • Data protection advice line

  • Data protection training

  • Data security and protection toolkit, and

  • Routine awareness.

Outsourced Data Protection Officer

  • Your organization can demonstrate compliance with evolving data protection laws.

  • Provide you with visibility of the maturity of your compliance with evolving data
    protection laws.

  • Demonstrate risks associated with your processing of personal data and spot areas
    of weaknesses which could lead to breach or compliance failure.

  • Set up data protection standards and implement accountability mechanisms

  • Contribute to ongoing customer trust and engagement development.

Outcomes

  • Immediate access to subject matter experts and a broad team of experienced data
    protection professionals.

  • Remove the “unknown” in the internal processes

  • Peace of mind from having broad team of experts address your privacy needs

  • Improved trust, elevated reputation, and ever-increasing organizational value.

Our Outsourced Data Protection Services

  1. Compile an Asset Register and Data Map

  2. Draft and Review your Policies

  3. Records of Processing Activities

  4. Impact Assessments and Gap Analysis

  5. Data Protection Training

  6. Data Sharing and International Transfers

  7. Privacy-by-Design

  8. Data Protection Audit Readiness Assessment

Why You Should Reach Out If you are in the Healthcare Sector?
We have demonstrated experience with consultants that will deliver far greater value for your
organization. Our cost-effective informed advisory opinions offer appropriate solutions for
your unique organizations needs.

  • Highly cost effective

  • On-tap resources

  • Experience and Shared best practices gained from working with 100+ clients

  • Pragmatic, straightforward solutions

  • We offer on-site support as needed

  • Pre-existing validated and tested model documentation.

  • Local and International Expertise.

Data Protection Advice Line
The advice line is resource with experienced and qualified Data Protection Officers. The
service is available during from Monday to Friday 8:00am-5:00pm and Saturday 8:30am-
12:30pm.
It can be accessed either by email or telephone. The advice line will answer your data
protection queries as and when they arise
Your queries will always be handled by DPOs with specific knowledge of your organization.
We shall always aim to provide initial response within 4 working hours or less.


Compliance Review
To provide answers quickly, accurately, and comprehensively, you may be asked to
undertake a compliance review. This is just to present an understanding of your
organization, data landscape, and existing compliance framework.


How your Organization Benefits from this Service

  • Rapid response to data protection queries

  • At-hand advise

  • Qualified, experienced data protection professionals,

  • Kenya, Africa, UK, US, expertise.

Data Protection Training
The Data Protection Act mandates the DPO to “facilitate capacity building of staff involved in
data processing operations.”
The Data Protection (General) regulations 2021 requires data controllers and data
processors to put in place “appropriate technical and organizational protection standards.”
One of these measures is through role-specific training.
A high percentage of data breaches can often be attributed to human error, so staff
awareness of KDPA, 2019 compliance and basic data protection concepts in fundamental.


Why South-End Tech Ltd Training
Our sessions are different from others and are specifically tailored to the bespoke
requirements and environment. In addition to customizing the trainings to the environment
and requirements of the organization, we also ensure we address the expectations and
requirements of the internal policies. Your staff will know not only the legislation but also the
expectations imposed upon them.
We deliver each module with an assessment of understanding that can be completed online.
We are NITA-Accredited. This means you can definitely get back your reimbursement after
training.


Data Protection Service Trainings

  • Data Protection Training for Directors and Senior Stakeholders.
    Our Data Protection Compliance courses for directors and senior stakeholders ensure
    directors are equipped with general awareness alongside their governance and accountability requirements.
    We guide you through accountability requirements to avoid putting the organization at risk.

  • Data Protection Training for Client Facing Staff
    Staff must understand data protection from role-specific perspectives and environments. Our
    training takes note of specific policies and procedures within your organization and the
    modules and content tailored to match these specific aspects.

  • Data Protection Training for Department Managers
    Your managers require more in-depth sessions which go beyond basic awareness
    requirements. Departments thrive when process owners understand data processing that
    relate to their specific departments.

  • Data Protection Refreshers Training
    We offer annual data protection training to ensure data-facing staff maintain competency and
    understanding of data protection requirements.


Retail and eCommerce
Both traditional retail and e-commerce retailers have been impacted by Technology and Data
Protection.

Retailers and eCommerce businesses must play close attention to how they collect, store,
and use personal data. In addition to maintaining accurate sales record, you need to

  1. Maintain marketing databases that record and manage consent in line with the Kenya
    Data Protection Act.

  2. Observe lawful retention and disposal guidelines.

  3. Respect data subject rights.


The type of personally identifiable information across multiple platforms is massive. Loyalty
program records, online payment systems, CCTV, delivery records are just some. While
most retailers still rely on paper-based systems, we implement data minimization practices to
avoid duplication and holding of unnecessary data.
At South-End Tech Ltd, we help retailers map their data flows, implement compliance
policies and procedures, train staff and maintain ongoing compliance with the ODPC.
Our Services extend to all your Retail and e-Commerce Operations

  •  Sales and Direct Marketing

  • eCommerce

  • Multiple Brick and Mortar Outlets

  • Staff and Training

  • Administration

  • Data Security

  • Policies and Agreement