Our GDPR review of your organization begins with an interview of the person in charge of IT and cybersecurity and a survey of your infrastructure and processes with regard to data protection, taking into account your business concept and requirements.
Our experts will conduct an evaluation and, during consultation, define your company's scope of GDPR compliance and indicate the steps necessary to upgrade and enhance procedures at regulatory, organizational and technical levels to comply with best practices.
We shall provide you with GDPR document templates as well as instructions and practical help to complete them and keep them updated. We can also conduct informative meetings and training sessions for your data-processing personnel so that they better understand best practices with regard to data handling, processing and protection.
Data Protection Officer services
You need to appoint a DPO if your organization:
The GDPR, therefore, offers the possibility that many companies will not have to appoint a DPO if they are NOT undertaking any online behavior tracking or profiling activities and/or processing any special categories of data. Even if they are undertaking such activities, they will not have to appoint a DPO, if they can show that such activities are not “core” to the business.
However, even those who are not strictly required to appoint a DPO may consider bringing one in. This is already happening in some European countries: in France, for instance, appointing a data protection officer is not mandatory, but doing so exempts the organisation from having to make declarations to the national data protection authority (CNIL).
The DPO, whose role is set out in articles 37 – 39 GDPR, is designed by the legislator to be simultaneously an independent monitor responsible for ensuring GDPR compliance, an educator of employees and management on data protection practices, and the contact person for both data subjects and the relevant data protection authority. He reports to “the highest level of management” (art. 38) of the processor or controller, which is generally presumed to be the C-suite or board.
Because the GDPR allows for appointing an external DPO, doing so can be a particularly cost-effective solution for a smaller company that is obligated to appoint a DPO but does not require one on a full-time basis. Appointing our office as your DPO helps your organization comply with the qualification criteria in Art. 37 of the GDPR (expert knowledge of data protection law and practices) and respect the 'significant independence to perform his role' requirement described in Art. 38, avoiding any potential conflict of interest.
GDPR has caused many companies intense compliance headaches due to its comprehensive scope, far-reaching obligations and severe penalties.