Data privacy services

By 25 May 2018, all organizations must have implemented the GDPR’s principles and the rules will be directly applicable in all EU Member States. This is the opportunity to take control over your most valuable asset and manage data in favor of your business, not only to comply with law and to avoid paying penalties.

Comprehensive GDPR Service Offering

Data Privacy  Completeness Check

Results of Completeness Check of GDPR compliance and deployment completeness will provide you with realistic overview on GDPR compliance status on general level and in key data processing areas. By this, you will be able focus effort on potential blind spots in an effective manner. Next step can be definition and implementation of improvement measures to achieve full GDPR compliance, e.g.

  • Definition and implementation of processes related to data privacy
  • Preparation or update of internal guidelines and policies related to personal data protection
  • Preparation or update of privacy notices and consents
  • Review and update of data protection agreements
  • Training of employees

Data Protection Officer Services

To maintain GDPR compliance and / or to deliver the complex DPO, breath of skills is required which is unlikely to be covered by a single individual. Therefore, we offer a client-suited set of services varying from co-sourcing (i.e. support in specific areas of Personal data protection) to full-outsourced DPO role, covering e.g.

  • Coordination and Supervision
  • Compliance Monitoring
  • Record of processing activities & Documentation Maintenance
  • Awareness Raising and Advisory
  • Regulations Tracking
  • Coordination of Data Protection Impact Assessment
  • Point of Contact for the supervisory authorities
  • Support for Data Subject Requests and Data Breaches Management

Data Protection Impact Assessment

Data Protection Impact Assessment, also known as Privacy Impact Assessment (shortly “DPIA”) is a process to help organizations identify, assess and mitigate or minimize privacy risks associated with personal data processing activities. DPIA focuses on:

  • Description of critical processing operations that are likely to result in a high risk to the privacy of natural persons
  • Assessment of the necessity and proportionality of the processing in relation to the purposes along with measures to comply with
  • Risk assessment of impact on the rights and freedoms of data subjects
  • Mitigation measures envisaged to address the risks and to ensure regular monitoring and review of compliance with the GDPR

Benefits for clients

Example of projects activities

RPA & documentation maintenance

  • Reviewing, commenting and  challenging of GDPR relevant documentation to achieve compliance.
  • Validation of Records of Processing Activities (RPA) based on input on changes provided by controller or processor. Process of annual assessing and evaluating of RPA status.

Providing data privacy P2P consultation

  • Responding to questions of your dedicated staff concerning Data Privacy. Your organization would have a special email address  (e.g.: DPO.[Client] In future a supportive tool (Chatbot) will be launched, to respond standard questions of your staff in real time.

Reviewing consent mechanisms

  • Review of complete process for management of data subject consents incl. collection of consents, evidence and renewal.
  • On-going and regular check of fulfillment of duties related to consents (expiration of consents, limitation of consents etc.) to ensure privacy compliance.