Data Protection – GDPR – DPO
This service line covers end-to-end activities to comply with GDPR and to enable your organisation to manage a key business asset: its data (including personal data).
If your company is having difficulties with implementation, or even with establishing what to do to meet the legislative requirements, we can help you with, amongst others, gap analysis, process design / process mapping, data flowcharting, building a repository of data, creating a Record of Processing Activities (RoPA), handling Data Subject Right Requests (DSRR), data protection internal policies and customer-facing notices (including privacy and cookie notices), and delivering DPO activities.
GDPR is not only a legal matter; above all, it requires more input, knowledge and experience from technical experts. This is normally where companies get it wrong by default. The processes around data protection should be interwoven with many other processes in various fields, like IT, sales, marketing, etc. For instance, in the IT domain we would look into your processes around e.g. incident management, access management and change management. If these are not well integrated, there is a great chance of the data protection side failing, and you might even miss reporting deadlines to the Data Protection Authority (DPA), which may result in penalties.
The Belgian DPA has recently been very active in issuing fines for various infringements of the GDPR, all with the aim of setting an example and explaining the background of these fines. For example, it issued a financial penalty for the lack of segregation of duties for the role of the DPO, which, regardless of the size of the organisation, should not be combined with key conflicting roles such as head of IT (CIO), CFO, security officer, internal audit or compliance. More and more companies will realise they need to engage an independent party if they lack internal resources / competencies. A full-time position could be inefficient and costly, hence they should consider engaging part-time contractors. This is where we can step in and help your company out.
The DPO services can be contracted on a part-time basis, with the work carried out on- or off-site. It is also possible to pay a monthly base fee that entails a certain number of hours at your disposal; when you need more time, your company formally indicates this and triggers extra Statements of Work (purchase orders). The minimum base contract is 1 day / week for a minimum of 6 months.