Data Protection Advisory
We can help you with:
Data mapping and data flow visualisation
Map personal data processing. The mapping is done with the help of structured questionnaire, document and application analysis and review. On request create data flow charts.
Records of processing activities (ROPA)
A company that decides why and how personal data is processed is a controller and as such is required by the GDPR to maintain a record of their personal data processing activities. We will help you put together a ROPA.
According to the GDPR companies and institutions must apply sufficient organisational and technological data protection measures. We can help to create documentation and procedures compliant with the GDPR security requirements.
Data protection impact assessment (DPIA)
DPIA must be conducted where a personal data processing is likely to result in a high risk to the fundamental rights and freedoms of natural persons. We will help to determine what is high risk and conduct the DPIA.
From the enterprise risk management perspective we recommend conducting a DPIA every time when you deploy a new application (HR software), technology (fingerprint locking system) or when you switch server housing service provider