Privacy Journey

Permanently comply with all legal requirements and guidelines

7

Privacy Journey

Compliance with all legal privacy requirements and guidelines is not a one-off project, but a permanent process. A journey that every organization must take in order to be able to permanently comply with the basic principle of the GDPR: accountability. DPO Consultancy guides you through every step of that journey.

DPOC_Privacy_Journey_figure_final_English
7

Reflecting: assessment

Every privacy journey needs a starting point. Only when you know where you stand will it become clear what measures are needed. During an annual assessment, it is thoroughly tested to what extent your organization meets the requirements of the GDPR. In addition to studying all documentation, all relevant stakeholders are interviewed. All findings are translated into clear points for attention and action. DPO Consultancy is the ideal partner for an independent and professional assessment. Our experienced privacy experts are aware of all current laws and regulations – national and international – and master all aspects of a good privacy and data protection policy.

Acting: implementation

How do you do that, implementing privacy management? By translating the findings and recommendations from an assessment into a privacy management activity plan (PMA plan). This plan ensures that the measures required by the GDPR are anchored in a structured and manageable manner in business operations. The scope, depth, and content of the necessary measures are of course different for every organization, depending on services, business operations, industry, and region. Our consultants have experience in all kinds of industries and with various types of organizations, so implementation advice is always tailored to your situation.

1562163416350

“The privacy journey helps you to truly anchor privacy and data protection in your organization. So that it does not feel like an obligation, but rather as a distinguishing factor for your company.”

Jelmer Pieters – Managing director – MBA CIPP/E

Learning: education

Privacy and data protection are human work. Privacy policy can only be successful if the knowledge is at the right level and employees are aware of risks and procedures. The permanent education of everyone in the organization is therefore essential. It is not without reason that this is prescribed by law. A good education plan takes different roles and the corresponding knowledge and awareness levels into account. Our range of courses varies from basic to in-depth training in privacy legislation and data protection. Our e-learning solution is the ideal way to demonstrably provide permanent education for all employees.

Organizing: governance

An important aspect of the privacy policy is that it is monitored that activities are carried out properly and that this can be demonstrated if a national regulatory authority, such as the Dutch Data Protection Authority, requests this. This is where the data protection officer (DPO) comes in. DPO is the spider in the web when it comes to governance of privacy and data protection and he or she must therefore be able to fulfill that role objectively and independently. With our DPO-as-a-service service, you are assured of a skilled, objective, and independent expert, at fixed monthly costs that match the size and complexity of your organization.

The Schrems II judgement and new standard contractual clauses

Article

Step by step data breach protocol

Tool

The GDPR, what does it mean for non-EU companies?

White paper