GDPR & Data Privacy Services


Ensure Data Protection


Our GDPR experts help organizations fully comply with GDPR requirements by working together with them to identify the existing gaps, assess the current risk, create a comprehensive implementation plan and drive implementation through a roadmap with clear costs and timelines.

What is GDPR?


The General Data Protection Regulation (GDPR) is a new data protection law framework that affects all organizations, imposing strict rules on those hosting and processing the data of European Union (EU) citizens.

Data Subjects Rights


The term Data Subjects (DS) refers to all natural persons whose personal data (PD) is processed by a controller or processor in line with GDPR art. 3.

  Right to be informed
  Right of access
  Right to rectification
  Right to erasure (right to be forgotten)
  Right to restriction of processing
  Notification
  Right to object
  Right to data portability
  Automated decision-making
  PD breach communication

All the above DS rights translate into implementation requirements for every organization that stores and processes the data of European Union (EU) citizens. The European Commission explains data subject rights to EU citizens in an infographic.

Consequences of failing to comply with GDPR


If an organization infringes multiple provisions of the GDPR, it shall be fined according to the gravest infringement. Depending on the degree of gravity of the infringement, the following fines are to be expected:

  Lower Level: Up to €10 million, or 2% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements if it is determined that non-compliance was related to technical measures such as impact assessments, breach notifications and certifications (Articles 8, 11, 25-39, 41(4), 42, 43).
  Upper Level: Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements in the case of non-compliance with key provisions of the GDPR. Examples that fall under this category are non-adherence to the core principles of processing personal data, infringement of the rights of data subjects and the transfer of personal data to third parties or international organizations that do not ensure an adequate level of data protection (Articles 5, 6, 7, 9, 12-22, 44-49, 83.6 and "Any obligations pursuant to Member State law adopted" under Chapter IX).

Read more in the Rules for Organisations and Rights for Citizens guidance.

How We Can Help


Our GDPR experts help organizations fully comply with GDPR requirements by working together with them to identify the changes required to achieve full compliance, with clear cost implications.

Our GDPR services at a glance


  Gap analysis
  Security architecture consulting
  PII identification and data mapping
  Data protection by design
  Data Protection Officer (DPO) consultancy
  Security health check and maturity assessment
  Data Protection Impact Assessment (DPIA)
  Incident management process review
  Third-party assessments
  Policy framework review

Extended Services (subject to GDPR)


Data Protection Officer (DPO) – As a Service


Controllers or processors are required to appoint a Data Protection Officer, as stated in Article 37, if any of the following scenarios is true:

  The processing is carried out by a public authority or body, except for courts acting in their judicial capacity;
  The core activities of the controller or the processor consist of processing operations which require regular and systematic monitoring of data subjects on a large scale;
  The core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.

The General Data Protection Regulation does not require controllers or processors to appoint an internal Data Protection Officer. Outsourcing your DPO role to us will save you time and reduce operational costs. Get in touch with us for a personalized offer.

Third-party assessments on request


In 2017, around 63 percent of data breaches were linked directly or indirectly to third-party access, rising to around 73 percent where a fourth-party vendor or beyond was involved. Third-party compliance is often overlooked by companies, but with the new General Data Protection Regulation in place, it must be treated as a high priority.

Our experts can help your organization identify any flaws and bring you into compliance with the new regulation.

Data breach communications


As described in Article 34, “When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay”. The communication to the data subject shall describe in clear and plain language the nature of the personal data breach.

Our experts can help you define a data breach communication plan and work with you to handle any potential data breach.
