Remember the typical “GDPR comes with huge fines” fearmongering advice? That’s not us.
Your business needs to process personal data and we’re here to help you do that while complying with data protection legislation. The GDPR places many requirements on organizations and data protection compliance is becoming increasingly demanding. That is why we do not sell any one-size-fits-all solutions, and tailor our advice to each individual business and organizational processes. We start by understanding the business needs and we step outside of the “data protection laboratory” into the real world.
The GDPR prescribes two typical roles for an organization: data controller (alone or jointly with other controllers) or data processor. Based on the role in each processing activity, we’ll explain what you need to do to comply with privacy laws. This section is a snapshot of the usual services we provide for organizations.
Assistance in meeting GDPR requirements
GDPR includes a vast array of obligations for data controllers, summed up under the principle of accountability. We regularly help clients implement processes and design mechanisms to demonstrate compliance with all such legal requirements, including the records of processing operations (which we also tailor to the needs of the client), data protection impact assessments (where we assist clients with very complex risk assessments and mitigation), data protection agreements, personal data breach assessments, and not least consultations with the data protection supervisory authority.
We are very skilled in drafting information notices and other materials that need to have an accessible language and be easily understood by the general public. Our documents are not just lawyer readable but human readable, ensuring that you meet the GDPR requirements to use an intelligible and easily accessible form, as well as clear and plain language. We also design adequate methods to bring the information to the attention of its addressees, whether this is on a website, on a smart terminal, on a board or others.
Training on EU data protection law
Our customised training programs are constantly hailed as being professional, informative and also fun. Our practical approach backed by a long experience dealing with data protection issues has been widely praised by our clients.
Data protection is not just about GDPR. We also advise clients in complying with the requirements related to direct marketing, as well as cookies and other tracking technologies. Moreover, since the future ePrivacy Regulation is currently being negotiated at EU level, we keep our clients informed about the process.
Empowering persons to take control over their data
Individuals (data subjects) enjoy a wide range of rights in relation to how, by whom and for what purpose their personal data is being processed. GDPR has tightened the control individuals enjoy over how their personal data is being processed, with an increased scope of data subject access requests, broader right to erasure of data, broader right to restrict the data processing and to object to the processing, a new right to data portability, while controllers have strict deadlines in which they must respond. The exercise of these rights and the interaction with entities that process personal data (sometimes unlawfully) can be difficult for an untrained individual. But we are here to help.
Receiving accurate information on the data processing activities
Do you want to know what data a certain entity processes about you, for what purpose, for how long and to whom it was transferred to? We can help you obtain this information.
Subject access requests
You have the right to receive a copy of the data being processed about you by an entity, and we can help you receive it. You can also request information about the reasoning behind any automated decisions, such as a computer-generated decision to grant or deny credit, or an assessment of performance at work (except where this information is a trade secret).
Raising complaints over the processing of your personal data
When your issue with the entity processing your data cannot be solved amicably, we can guide you in filing a complaint with the data protection authority.
Raising concerns over the use of personal data
If you believe an entity processing your personal data does not have a lawful ground to process some or all of your data, holds inaccurate information about you, has unlawfully disclosed information about you, is keeping information about you for longer than is necessary, is not keeping your information secure, or has collected information for one reason and is using it for something else, we can assist you in asking the entity in question to remedy these matters.
We don’t sell GDPR software or templates and we won’t magically make you “GDPR compliant”.
We do, however, come up with practical solutions to your data protection and privacy problems and empower your organisation to learn to handle them in the future.
Latest from Blog
Get in Touch with Us
Bucharest, Bd. Aviatorilor nr. 47, etaj 2, sector 1, 011853, Romania