Services

Audits

In order for you to understand how you stand in terms of compliance, we can help you evaluate the existing and establish a gap analysis:
  1. Review the existing data processing activity and compliance under the current law,
  2. Review existing data processing to verify that they comply with the data minimization requirement,
  3. Review data sources to make sure that collection has the proper documented legal grounds,
  4. Review the existing notification process, to make sure it can be done within 72 hours rather than just a period of no longer than 60 days,
  5. Review existing processes and training, to make sure the content is adapted to cover all personal data as defined under GDPR and all requirements – this includes training for local staff and the people at the front desk so that they are ready for an unannounced visit from auditors of the Data Protection Authority,
  6. Review all subcontractors agreements and make sure there is a written consent from the Data Controller when necessary,
  7. Review the legal basis for data exports (if any),
  8. And finally review HR data collection and data processing, as employee data is also personal data and needs to be treated accordingly.

Implementation

Once the gap analysis has been done, we can help you implement new processes and tools to establish compliance:
  1. If it is not in place already, we can help you start a register of all personal data processing,
  2. Work with the HR department to adjust processes and training,
  3. Engage with the local Data Protection Authority,
  4. Engage with Data Controllers to coordinate processes,
  5. Work with the Product Management team to adjust tools and data processing,
  6. Work with the legal team, to make sure that contracts are updated

On-going support

Once the tools, processes, training and legal framework have been updated to meet the GDPR requirements, we can help you make sure the GDPR stays on track:
  1. Monitor GDPR updates and guidelines from the WP29 and from the Data Protection Authority,
  2. Monitor new related requirements (PSD2, ePrivacy, evolution of the Privacy Shield agreement, etc.) and work with the various teams (HR, Dev, Legal, etc.) to maintain compliance,
  3. Work with the Data Protection Authority to help you obtain GDPR accreditation,
  4. Work with the Support team on Data Subjects requests (access or modification of personal data, complaints).