DALDEWOLF Data Protection Offer

In 2016 the General Data Protection Regulation N° 2016/679 was adopted, clarifying certain rights (already provided in Data protection Directive 95/46) and imposing new obligations upon data controllers and data processors.  Companies (even SME’s) and other legal entities (such as non-profit organisations) have to comply with these new obligations by 25 May 2018.

Many companies are still considering what to do (in November 17, IAPP reported that 67% of the EU companies reported having begun implementation of the GDPR measures).  If your company is late to comply, we can help.

We can assist you with specialised advice on specific questions (many complex issues arise under GDPR, such as the applicability of the GDPR to non-EU activities or applicability of the national data protection laws within the EU) or we can assist you with the overall GDPR compliance of your company:

  • Step 1: Introductory training on data protection

People in your organisation may not be aware of the obligations that come with handling personal data of clients, prospects or colleagues.  An introduction to the protection of personal data may be welcome.

Questions addressed:  the definition of “personal data” and “processing”, the principles of processing, the legal bases (incl. consent), operational obligations for data controllers and data processors (depending on your situation)

  • Step 2: Interviews with key persons

We will conduct interviews with the people in your organisation who have an overview of the data relevant processes on the basis of a questionnaire.

Questions addressed:  who handles which personal data, for which purposes and how?

  • Step 3: Mapping the personal data

In addition to mapping the practices based on interviews, we will analyse the relevant documents (contracts with clients, providers, partners, policies submitted to prospect or other third parties).

Services offered:  the results from the interviews and the document analyses will be used for filling n the processing operations register (the so-called “record of processing activities”).  We can teach you how to do it or we can do it for you.  And we can provide you with a customised template of a data processing register, with pre-encoded data making it easy to fill in.

  • Step 4: Gap analysis

Once we know which data you have and how you use these, we can describe the gap between the legal requirements and your actual practice. 

Questions addressed:  we will identify the “red flags”, points that should be addressed in order to comply with the GDPR requirements (or internal data protection policies) and the priority with which this should be done (e.g. review of contracts, internal procedures for treating data subjects’ requests).

Where useful, we will propose a collaboration with technical partners (security experts).

  • Step 5: Implementation

We can assist you with the implementation of the measures to be undertaken in order to achieve GDPR compliance (e.g. drafting/reviewing your privacy policy, reviewing access control procedure and contracts with processors or partners).

Our clients are active in various roles (data controllers and processors) and in various sectors (retail, data analytics, international organisations, health services).

Feel free to ask for more information or for a fee quote at sdp@daldewolf.com