Data Protection Advisory

Sometimes all is needed is a little advice to get clarity if action taken is the right kind of action. If you are looking for answers to questions such as: am I processing personal data, what data is it, where is it located, am I a processor or controller, am I forwarding personal data outside Europe, is it lawful, what are cookies, do I need consent to privacy policy, then we have answers to these and other questions you may have.

We can help you with:

Data mapping and data flow visualisation

Map personal data processing. The mapping is done with the help of structured questionnaire, document and application analysis and review. On request create data flow charts.

Records of processing activities (ROPA)

A company that decides why and how personal data is processed is a controller and as such is required by the GDPR to maintain a record of their personal data processing activities. We will help you put together a ROPA.


According to the GDPR companies and institutions must apply sufficient organisational and technological data protection measures. We can help to create documentation and procedures compliant with the GDPR security requirements.

Data protection impact assessment (DPIA)

DPIA must be conducted where a personal data processing is likely to result in a high risk to the fundamental rights and freedoms of natural persons. We will help to determine what is high risk and conduct the DPIA.

From the enterprise risk management perspective we recommend conducting a DPIA every time when you deploy a new application (HR software), technology (fingerprint locking system) or when you switch server housing service provider


What clients say about our work - data protection advisory