Our services
How can we help?
We offer a wide range of Data Protection services for organizations of all shapes and sizes.
Data Protection Officer (DPO)
Organisations that systematically handle sensitive categories of data (e.g. data on health, sexual orientation and/or political affiliation) or process data of large numbers of data subjects are often required to appoint a Data Protection Officer.
Tasks and responsibilities
On the basis of our professional qualities and, in particular, expert knowledge of data protection law and practices, we will provide you with the following services:
- Information and advice on planned processing activities
- Monitoring compliance with the GDPR
- Assignment of responsibilities
- Awareness-raising and training of staff
- Performing related audits
- Cooperation and contact with the supervisory authority on issues relating to the processing
- Prior consultation with supervisory authority before processing that is considered ‘high risk’ to data subjects
- Consultations and providing professional opinions and guidance on any other relevant matter
A certified Data Protection Officer will be designated as an independent, external position within the organization. The identity and contact information of the DPO will be announced to the relevant Supervisory Authorities.
Data Protection Impact Assessment (DPIA)
Processing activities that are likely to result in high risks for the data subject require the drafting of a Data Protection Impact Assessment.
Key components
The DPIA shall contain at least the following elements:
- A systematic description of the envisaged processing operations and the purposes of the processing
- An assessment of the necessity and proportionality of the processing operations in relation to the purposes
- An assessment of the risks to the rights and freedoms of data subjects
- The measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data
The assessment will be performed in accordance with WP29/EDPB guidelines and with the tools and methodology developed by the French Supervisory Authority (CNIL). Other templates are also available on request.
Data Transfer Impact Assessment (DTIA)
When personal data is being transferred outside of the EEA, the Data Controller is required to make a Data Transfer Impact Assessment. This includes cases where the data is stored within the EEA (e.g. when using public cloud services), but could potentially be shared with government agencies outside of the EEA.
Key components
Within this service we provide you with the following:
- Mapping of all transfers of personal data to third countries
- Verification of the transfer tools the transfer relies on (e.g. standard contractual clauses)
- Assessment of the legislation in the third country with regard to the transfer
- Identification of supplementary measures that are necessary to bring the level of protection of the data transferred up to the EU standard of essential equivalence
The assessment will be performed in accordance with European Data Protection Board (EDPB) guidelines and includes recommendations for further measures to be taken to ensure essential equivalence.
GDPR Maturity Analysis
An assessment of the GDPR maturity of the whole organization, based on a maturity score assigned to 60+ control points that cover the different responsibilities of a data controller or data processor under the GDPR.
Key components
We assess your compliance with GDPR in six main areas:
- General principles;
- Lawfulness of your data processing;
- Rights of data subjects;
- Roles of controller and processor in certain relationships;
- Security of personal data;
- Data protection officer role and tasks;
- International data transfers.
The assessment includes an action plan with measures to take to further increase the GDPR maturity of the organization.
Incident management and response
Under the GDPR, personal data breaches should be assessed and handled quickly and notified to the supervisory authority within 72 hours after the initial discovery where the breach is likely to cause a risk to the rights and freedoms of individuals.
Key components
This service includes:
- Assessing the severity of personal data breaches
- Notification to the supervisory authority (where relevant)
- Notification to the data subjects (where relevant)
- Advice on remediation efforts to avoid re-occurrence of similar incidents
- Registering the data breach in the data breach record
The severity of personal data breaches will be assessed based on the methodology developed by the European Union Agency for Network and Information Security (ENISA).
Vendor Assessment
When a new data processor (e.g. CRM platform, Software-as-a-Service providers, payment processors, IT service provider, etc.) is being introduced within an organization, you may be required to perform a GDPR vendor assessment.
Key components
We carry out such an assessment of 50+ control points on your behalf, focussing on the following topics:
- Transparency & Information provided to data subjects
- Privacy by design & by default
- Information security
- Data Processing Agreement
- Transfers of personal data outside EU/EEA
We can also provide you with a report comparing the GDPR maturity of different (current and future) vendors.
Data privacy training
We provide data privacy awareness training for internal staff and/or external collaborators.
Key components
Awareness sessions generally focus on:
- General data processing principles under the GDPR (data minimization, storage limitation, lawfulness, etc.)
- The rights of data subjects and how to handle them
- Security of data processing and measures to increase the security
- Handling of security incidents
- Roles and responsibilities within the organization
The awareness sessions include an interactive quiz to assess the overall knowledge of participants, and can be tailor-made to focus on specific data protection and/or data security policies within the organization.
Online consulting
Hourly calls (and/or online video meetings) regarding the protection of personal data with an experienced and certified information privacy professional.
* Our rates
Our consulting services start at 180 € (for 1 hr), 130 € (for +4 hours) and 120 € (for +8 hours). Further discounts are available for long-term contracts and for small scale non-profit organizations.
The cost of a managed GDPR Compliance platform depends on the size and complexity of the organization. Our managed service includes a 20% discount for the associated software licensing fees.
All prices exclude VAT and are indexed annually.
Please contact us for a tailor-made offer.