The introduction by the EU Parliament of the General Data Protection Regulation (GDPR) which has been in effect since the 25 May 2018 is the biggest change in data protection law for over 20 years.
Every organisation needs to assess their position and establish if they comply with the GDPR. Preparing for the new regulatory framework can be a complicated process requiring a set of specialized and complementary business, technology, compliance and legal skills and experiences.
Having worked with numerous customers in multiple industries and sizes, we are confident to be able to assist our customers develop an effective roadmap towards “privacy by design” and overall GDPR compliance.
Our GDPR consulting services are flexible and designed to address the needs of organisations independently of their current level of maturity, as described below.
Privacy Maturity Assessment
Typically short assignments, they comprise a collection of information, workshops with designated executives and deliverable preparation, submission and presentation. The key deliverable from this initial phase of the GDPR journey comprises heavily practical advice across People – Process – Technology, reflecting:
- identification of GDPR gaps, prioritised for risk and implementation complexity
- timeline project plan for implementing recommended actions, with clear team indications, departments and skills involved and
- budgetary information (where possible) regarding the investments and costs involved.
GDPR Compliance Solutions & Certification Support
The execution of approved actions for achieving GDPR compliance, with the involvement and cooperation of designated customer personnel reflects activities across People, Process and Technology and includes formal project management of those actions assigned to our team. At our customers’ option, it may also include legal advisory services as well as preparation for gaining accredited GDPR certifications of compliance.
Typical scope areas include implementation of Privacy by Design process improvements; Privacy & Security Policies; Data Processing Agreement frameworks; creation of the Data Processing Inventory in accordance with Article 30; Incident Response & Management Processes; GDPR User Rights management framework; definition of Data Retention policies; 3rd Party Contract improvements; and mechanisms to manage conflicting regulatory and legal obligations.
DPO Outsourcing Services
Supported by appropriate processes and highly skilled and experienced personnel (with complementary legal support as an additional option), we take pride on our ability to support local and international organisations with a very high standard of quality and customer focus, via centralised or distributed delivery.
Our combination of onsite, remote, email and telephone support on a 24 x 7 basis are designed to deliver strong comfort to our customers that they can have access to and receive support as and when they need it, especially during emergencies.