Welcome to Data and Privacy Protection OÜ

Maili Torma

Let’s start with this: I adore data and the Internet, but I also believe in privacy being a fundamental human right. I don’t see privacy as a hindrance to business but as a way to run your data business with respect for your clients, partners, investors, shareholders, employees and management. Out of respect good things are born.

I have worked with data from different angles all my career, in Estonia as well as in the UK. Currently my company acts as a data protection officer (DPO) for several companies. We conduct data protection and information security audits and give advice.

Data and Privacy Protection OÜ is the official training partner of IAPP (International Association of Privacy Professionals) in Estonia, Latvia and Lithuania. We teach the CIPP/E, CIPM and CIPT certification preparation courses and the Privacy Foundations course. In addition, I also hold an ISO27001 lead auditor certificate.

I am proud to be a member of the board of the Estonian Data Protection Association, which unites data protection practitioners in Estonia.

At Maili DPPM, what makes us strong is an excellent network of partners, clients and former clients.

What we are good at

Consulting Services

DPO service

Maili DPPM's DPO service provides highly qualified data protection professionals with data protection (CIPP/E, CIPM) and information security auditor (ISO27001 lead auditor) certificates. The DPOs are multilingual, speak Estonian, English and Russian, and have experience with the Baltic and Nordic data protection markets.

GDPR audit

The GDPR audit helps companies to determine what organisational and technological data protection measures have been applied and if these measures work as required. The audit identifies and assesses risks and recommends risk mitigation measures in the report. Maili DPPM can conduct audits in Estonian and English.

Data protection advisory

Sometimes all that is needed is a little advice to get clarity on whether the action planned is the right kind of action. If you are looking for answers to questions such as: am I processing personal data, what data is it, where is it located, am I a processor or controller, am I forwarding personal data outside Europe, is it lawful, what are cookies, do I need consent to privacy policy, then we have answers to these and other questions you may have.

Trainings

We provide two-day CIPP/E and CIPM certification training in English. CIPP/E is the certified privacy professional, Europe certificate and CIPM is a certificate for privacy programme managers; both certificates are ANSI accredited and issued by IAPP. In addition, we train data protection professionals in Estonian in a one-day course. We also provide corporate data protection trainings on request in either English, Estonian or Russian.

Information security audit

Lack of attention to information security is one of the main sources of hidden risks in a company: should the risk materialise, there are no risk mitigation measures in place, and potential material or intellectual property damages could end up costing a company dearly. Maili DPPM's information security audit model is built on the ISO27001 information security standard and gives an independent and professional rating of the information security level in a company.

Information security advisory

Based on the audit we create all the relevant documentation. When required we also assess the effectiveness of information security work procedures.

SERVICE

DPO Service

The GDPR requires certain companies to appoint a Data Protection Officer (DPO); read in our blog which companies need to appoint a DPO.

The DPO can be a company’s or organisation’s employee, but a company can also appoint an external service provider as a DPO. The service provider is a highly qualified professional who focuses full time on data protection and helps to ensure high standards of data protection in all companies or organisations.

At Maili Data and Privacy Protection Management (Maili DPPM) the DPOs are fully qualified and highly regarded experts holding data protection (CIPP/E, CIPM) and information security auditor (ISO27001 lead auditor) certificates.

A Maili DPPM DPO is also a good choice for an international and multilingual company, as the DPO speaks Estonian, English and Russian and is familiar with data protection peculiarities in the Baltic and Nordic countries.

The size of the DPO service’s fixed monthly fee depends on the company’s data protection complexity and particular requirements, but it is still more reasonable than hiring an employee with similar expert knowledge.

The DPO’s tasks in a company or organisation:

  • If needed, maps data processing and puts together a record of processing activities (ROPA).
  • Maintains and updates the ROPA.
  • Creates and manages data protection and, if required, information security policies and guidelines, for example privacy policy, data management, Data Protection Addendums to contracts with joint-controllers and/or data processors.
  • When needed, advises on applying adequate technological measures for data protection.
  • Conducts Data Protection Impact Assessments (DPIA) as and when needed, recommends appropriate actions to mitigate the risks and monitors the process of risk mitigation.
  • Provides data protection trainings to company employees.
  • Conducts ad hoc compliance checks to see if applied organisational and technological measures are working.
  • Responds to queries about personal data processing from data subjects (the company’s employees and clients) and ensures that data subjects’ rights (correction, restriction, deletion and data portability) are met.
  • Responds to the data protection regulator’s queries and cooperates with the regulator if needed.
  • The employees of a company will be sent the name and contact details of the external DPO.
  • DPO’s contact email dataprotection@companyname.ee is published in the privacy policy on your website.

Depending on the the external DPO will come to the customer’s offices for the agreed hours, to ensure that the DPO is a part of the team in the company. If the customer is located outside of Estonia, regular meetings with the company, at least once a month, will be conducted over the internet.

SERVICE

GDPR audit

The GDPR audit helps companies and institutions to determine which organisational and technological data protection measures they have applied and whether these measures are working as intended.

The audit is based on structured interviews with relevant employees and a review of relevant documentation. If needed, an on-site inspection is also conducted.

The observations in the audit report state whether a data protection measure has been applied, partially applied or not applied, and whether the associated risk is high, average or low. The report also gives risk mitigation recommendations.

SERVICE

Data protection advisory

Sometimes all that is needed is a little advice to get clarity on whether the action taken is the right kind of action. If you are looking for answers to questions such as: am I processing personal data, what data is it, where is it located, am I a processor or controller, am I forwarding personal data outside Europe, is it lawful, what are cookies, do I need consent to privacy policy, then we have answers to these and other questions you may have.

We can help you with:

Data mapping and data flow visualisation

We map personal data processing. The mapping is done with the help of a structured questionnaire and document and application analysis and review. On request we create data flow charts.

Records of processing activities (ROPA)

A company that decides why and how personal data is processed is a controller and as such is required by the GDPR to maintain a record of their personal data processing activities. We will help you put together a ROPA.

Documentation

According to the GDPR companies and institutions must apply sufficient organisational and technological data protection measures. We can help to create documentation and procedures compliant with the GDPR security requirements.

Data protection impact assessment (DPIA)

A DPIA must be conducted where personal data processing is likely to result in a high risk to the fundamental rights and freedoms of natural persons. We will help to determine what is high risk and conduct the DPIA.

From the enterprise risk management perspective we recommend conducting a DPIA every time you deploy a new application (HR software) or technology (fingerprint locking system), or when you switch server housing service provider.

consultation

Got a question? Ask.

Please leave your name and e-mail, as we will respond by e-mail.

SERVICE

Trainings

Data privacy involves the use and governance of personal data, typically through policies and programs. It ensures consumers’ personal information is collected, shared and used in appropriate ways. Only the IAPP offers information privacy certification programs such as CIPP/E, CIPM and CIPT specifically designed for professionals who manage, handle and access data, and recognized and respected by employers the world over.

Maili DPPM is the Official Training Partner of IAPP (International Association of Privacy Professionals)

FOUNDATIONS OF PRIVACY AND DATA PROTECTION

A one-day course, especially useful for a company wishing to introduce a common vocabulary to its privacy and data protection teams, helping to communicate privacy issues clearly between professionals and throughout organisations.

Foundations’ expert-authored curriculum details privacy’s legal and regulatory frameworks. It describes common operational processes and illustrates privacy at work through case studies and real-world examples.

CIPP/E – CERTIFIED INFORMATION PRIVACY PROFESSIONAL – EUROPE

Practicing Privacy – Understanding Laws and Concepts

Show the world you know data privacy laws and regulations and how to apply them. Demonstrate your mastery of jurisdictional laws, regulations and enforcement models, plus legal requirements for handling and transferring data.

This training is an opportunity to learn about critical privacy concepts that are also integral to the CIPP/E exam. While not purely a ‘test prep’ course, this training is appropriate for professionals who plan to certify, as well as for those who want to deepen their data protection knowledge. Both the training and the exam are based on the same body of knowledge.

CIPM – CERTIFIED INFORMATION PRIVACY MANAGER

Operationalizing Privacy – Turning Policies into Programs

Make data privacy regulations work for your organization by understanding how to implement them in day-to-day operations. Learn to create a company vision, structure a data protection team, develop and implement system frameworks, communicate to stakeholders, measure performance and more.

CIPP/E and CIPM bundled course

All courses are accredited under ANSI/ISO standard 17024:2012.

Trainings are in person in Tallinn, Estonia; Riga, Latvia; or Vilnius, Lithuania. Live virtual courses are available from anywhere. For the Foundations training locations and times, please send me an e-mail or use the webform below.

The Foundations course is a full-day course from 09.00 to 17.00. The CIPP/E, CIPM and CIPT courses are two full-day courses. The CIPP/E and CIPM bundled course takes four days in a row to complete.

The price for the CIPP/E, CIPM and CIPT courses is 1500 EUR, which includes study materials, a digital textbook, sample exam questions, IAPP’s 12 month membership and an exam voucher valid for 12 months. The exam can be taken online or at an examination center of your choice.

Discounts are available for groups over 3 people and for the CIPP/E and CIPM bundled course.

If you are looking to organise a training in your organisation please enquire about pricing and availability by sending me an e-mail or through the contact form below.

Choose a course and register below!

REGISTER FOR A TRAINING

SERVICE

Information security audit

Lack of attention to information security is one of the main sources of hidden risks in a company: should the risk materialise, there are no risk mitigation measures in place, and potential material or intellectual property damages could end up costing a company dearly.

Our information security audit model is built on the ISO27001 information security standard. During the audit we assess whether the information security measures are appropriate and sufficient and recommend risk mitigation measures based on audit findings.

The audit gives an independent and professional rating of the information security level in a company.
The audit report gives the company’s board and management or, if needed, investors, partners or shareholders a concise and easy-to-understand review of how well the information security measures protect the company’s assets and infrastructure.

Depending on the company’s exact requirements, we also conduct information security audits with partners that can assess any specific information security topic required. We conduct structured interviews with relevant employees, test on site and review applicable documentation.

Service

Information security advisory

Based on the audit we create the required cybersecurity documentation in the company.

When required we also assess the effectiveness of information security work procedures and make recommendations on how to improve them.

With our partners we can provide more technical information security advice or help you understand if your development procedures and teams are working as well as they should.

Get in touch! Let's discuss how we can help.

What is happening in Data and privacy protection

Blog

MEET OUR PARTNERS

Henry Ford of the Ford car said: “Coming together is a beginning, keeping together is progress and working together is success.” Here at Maili DPPM we agree.

contacts

We would love to hear from you!

Drop us a line

Any questions or business offers? Talk to us!

Call us

+372 5341 2416

Mail

maili@dataprotectionprivacy.eu

MAIN OFFICE LOCATION

Tallinn

Estonia

European Union

Find us on LinkedIn or Telegram