The GDPR requires organisations outside the EU that process the data of EU-based individuals to engage a representative within the EU. (Entities with EU branches or subsidiaries are exempt.)
We offer a 'one-stop-shop' service via our Dublin and London offices and our network across continental Europe. Our services include record-keeping as well as liaising with the relevant Regulatory Authority and data subjects.
We offer tailored training to suit your organisation’s privacy needs in a variety of formats, with specialised training for Public Bodies and Authorities.
We can provide one-to-one training to key individuals based on their needs, to a focus group or to your wider organisation. The training incorporates the latest developments from the European courts, legislation and guidance and rulings issued by regulators.
Your organisation significantly reduces its risk of breach by raising its awareness of GDPR and privacy requirements, resulting in a greater acknowledgement of the need for ‘Privacy by design’ and privacy compliance at all levels within the organisation.
GDPR training allows the organisation to demonstrate compliance and the adoption of the principle of ‘privacy by design’.
Data Privacy Assessments and Privacy Impact Assessments are risk assessments that review the level of risk inherent in your data privacy practices.
The GDPR requires organisations to conduct a Data Protection Impact Assessment (DPIA) where processing is likely to result in a high risk to the rights and freedoms of individuals. These assessments should be carried out prior to undertaking the new activity or processing, and the DPO should be consulted.
We can assist in conducting DPIAs either as part of our DPO offering, or as a stand-alone service.
It is recommended to conduct a Privacy Impact Assessment (PIA) whenever the organisation undertakes a new project or service or business function, or where any changes to data processing within an organisation are envisaged. The aim of conducting a PIA is to ensure that the risks to personal data inherent in any new activities are identified and measures are taken to address and mitigate those risks. These assessments should be carried out prior to undertaking the new activity or processing.
Incorporating DPIAs into your organisation’s project management procedures demonstrates compliance with the principle of ‘Privacy by Design’ by enabling you to identify risks to personal data and incorporate measures at the design phase to ensure privacy.
Engaging external advisors to assist with this process ensures that your organisation remains up to date with developing approaches to DPIA, following guidance and rulings issued by the various courts, parliaments and regulators across the EU. It also demonstrates a ‘risk-based’ approach to GDPR compliance, which is a core requirement of GDPR. Conducting a privacy assessment can help prioritise any risks identified.
A DPO must be appointed where:
Processing is carried out by a public authority or body;
The organisation’s core activities involve large-scale and regular monitoring of EU-based individuals, of special categories of data or of personal data relating to criminal convictions; or
The national law of certain countries requires one, for example Germany.
The EU authorities recommend that a DPO is engaged or consulted in all other cases.
The GDPR tasks the DPO with specific responsibilities. It also permits controllers/processors to delegate greater responsibility and tasks to the DPO.
The GDPR allows the role of DPO to be outsourced to an external entity or organisation. We can either undertake this role as your Outsourced DPO, or provide DPO Support to assist your internal DPO.
Engaging an external DPO ensures independence of the DPO, allows full confidentiality among employees, and allows the DPO to query data protection matters with the relevant regulator anonymously.
Our team of diverse professionals will provide your organisation with access to a wide range of skills and experience. Our members include specialists to assist public bodies and authorities.
We can assist with employee training, creating and maintaining data inventories and records of processing activities, liaising with supervisory authorities, maintaining a log of processing activities, privacy auditing/gap analysis, and keeping you up to date with the latest cases, legislation, guidance and rulings from the different courts, parliaments and regulators in Europe.
Data Protection Officer
Our GDPR gap-analysis illustrates your organisation's level of compliance, and provides a road-map of the steps to achieve compliance. It also serves as a useful tool to demonstrate accountability and transparency.
We work with you to view the elements of your existing privacy measures and assess them against the requirements of GDPR to determine whether they meet the GDPR standards, or require any tweaking. Once the gap-analysis is complete, we prioritise your remedial measures.
We can also contact regulators on an anonymous basis to confirm whether any novel measures or processes adopted by an organisation would achieve compliance.
The process can demonstrate accountability and compliance with GDPR.