Data owners can be sure correct processes are in place for fair payment of file use. Recover lost revenues from undeclared or misreported returns
Understand if you are at risk as the Data Controller due to inadequate processes or security risks in operation at your resellers, licensees or 3rd Parties.
An independent review can identify opportunities for improvements in the relationship between you and your licensees to benefit both parties in the future.
An expert independent view of how 3rd parties are operating the contract to ensure it is in line with the data owners’ terms and conditions
More and more organisations are entrusting their data to 3rd Parties either for them to licence and use or for them to manage on their behalf. 3rd party managers and processors can range from marketing service providers through to cloud based services.
New EU Legislation will make data processors and controllers jointly accountable for the appropriate controls and measures in place to protect customer data - so ensuring your 3rd parties are following your rules is essential.
Mis-licensing in the “data owner” industry is wide-spread and whilst much is unintentional the revenue loss to the data owner can be significant. That’s why over 80% of the UK’s leading commercial data owners trust us to independently audit their partner compliance.
Typically our revenue royalty audits provide a return on investment as well as enabling you, as the Data Controller to ensure your obligations under the Data Protection Act (1998) are being taken seriously and data is being managed securely.
Our audit programmes typically start with a test audit to ensure that we have understood the terms of your licence or contract and have developed a suitable audit template to report on results. Most audits are 2 days on site so can be arranged usually within 28 days. We can also develop standards for 3rd Parties to operate to and then review their progress against the contract.
All our audit team are trained Data Protection and Data Security experts with most being ISO27001 Lead Auditors. They also hold CISA (Certified Information Systems Auditor), CISMP (Certified in Information Security Management Principles) and Certificates in Risk Information Systems Control (CRISC). We have now not only developed an unparalleled expertise in this market, but have also identified significant amounts of outstanding royalties for our clients.
Ongoing regular reviews ensure any common themes or issues are understood. If required we can support 3rd Party remedial activity to improve data security and overall data protection compliance.
What our clients say:
“We’ve been using DQM GRC since 2008 to conduct an ambitious programme to ensure compliance with our licence and to ensure Royal Mail was getting fairly paid use of our IP. We were keen to use external help to enable us to audit as many of our Solution Providers as possible. Whilst overall compliance is pleasingly high, there were several instances of mislicensing that have required clarification with the terms of the licence and from which we have recovered unpaid fees.
DQM GRC has provided a responsive and efficient service over this time and their auditing has enabled us to recover significant revenues and ensured confidence in the licence.”
Royal Mail, Address Management Unit, owners of the Postal Address File (PAF)