Data protection professionals

Maili Torma

I am a big fan of data and the Internet but I also believe in privacy being a fundamental human right.  I don’t see privacy as a hindrance to business but a way to run your data business with respect to your clients, partners, investors, shareholders, employees, management. Out of respect good things are born.

I have worked with data from different angles all my career in Estonia as well as in the UK. Currently my company acts as a a data protection officer (DPO) for several companies. We conduct data protection and information security audits and give advice.

We conduct a variety of trainings on data protection and data governance.

I am a proud to be a member of the board of Estonian Data Protection Association that unites data protection practitioners in Estonia.

At Data and Privacy Protection OÜ what makes us strong is an excellent network of partners, clients and former clients.  


Consulting Services

DPO service

Maili DPPM's DPO service provides highly qualified data protection professionals with data protection (CIPP/E, CIPM) and information security auditor (ISO27001 lead auditor) certificates. The DPO's are multilingual and speak Estonian, English and Russian and have experience with the Baltic and Nordic data protection markets.
Read more

GDPR audit

The GDPR audit helps companies to determine what organisational and technological data protection measures have been applied and if these measures work as required. The audit identifies and assesses risks and recommends risk mitigation measures in the report. Maili DPPM can conduct audits in Estonian and English.
Read more


We provide 1 hour to 1 day data protection trainings in Estonian and in English. We also provide corporate data protection trainings on request in either English or Estonian.
Read more

Data protection advisory

Sometimes all is needed is a little advice to get clarity if action planned is the right kind of action. If you are looking for answers to questions such as: am I processing personal data, what data is it, where is it located, am I a processor or controller, am I forwarding personal data outside Europe, is it lawful, what are cookies, do I need consent to privacy policy, then we have answers to these and other questions you may have.
Read more

Information security audit

Lack of attention to information security is one of the main sources of hidden risks in a company, because should the risk realise there are no risk mitigation measures in place and potential material or intellectual property damages could end up costing a company dearly. Maili DPPM's information security audit model is built based on ISO27001 information security standard and gives an independent and professional rating on information security level in a company.

Information security advisory

Information security advisory. Based on audit we create all the relevant documentation. When required we also assess the effectiveness of information security work procedures.
People trained in data protection
Data protection audits
0 +
DPO clients