We provide assistance for the requisite technical and organisational security measures of your organisation.
DPO as a service
At Privanot we take our time to get to know you, so that we gain a good insight into all the ways in which you, within your company or organisation, process personal data.
In doing so, we identify the following elements within your organisation:
- The personal data
- The processing of the personal data
- The purpose of the processing
- Eligibility grounds
- Data repositories
- Data retention periods
- Recipients and/or third parties
The above data are centralized in a processing register. You will receive this processing register together with an action plan.
Together with these documents, we work together to ensure that your organisation is fully compliant with the GDPR-measures.
You can count on a multidisciplinary approach.
We lend ongoing support to our customers by providing several standard documents, legal- and technical advice. In addition we are the contact person for the parties involved and the Data Protection Authority (DPA).
We offer you standard documents for both internal and external use.
It’s not only important – as an organisation – to be GDPR-compliant yourself, but also to call in GDPR-compliant external partners (processors) as experts. You must – according to GDPR – conclude a processor agreement with all your processors, we advise and check those processor agreements. In addition, we provide a standard processor agreement that you, yourself, can propose to your external partners.
Last but not least, we provide a diligent internal support of your organisation through several written instructions or policies. You receive from us: a data security policy, a data breach policy, a procedure for managing the rights of those involved, instructions for your employees, …
Legal and technical advice
We offer an answer to all legal and technical queries about privacy laws, GDPR and data security.
Your external contact
You can also hire us as contact person for the parties involved and in your contacts with the Data Protection Authority (DPA). The GDPR provides for a number of rights for the parties involved – aka ‘data subjects’ – as a result of which they maintain control of their personal data.
Which are the rights of those involved?
- Right to information
- Right to access
- Right to modify
- Right to exchange data
- Right to limitation
- Right of objection
- Right to transfer data
- Right to be excluded from automated decision-making
We inform our customers extensively about these rights in our internal procedures. We answer the data subjects’ queries and we assist them in the exercise of their privacy rights. As an organisation, it’s important to respond speedily to these privacy queries, as it fosters a good relationship with all internal and external partners.
The GDPR had been in force since May 2018. It is a new legislation in constant evolution. We follow it closely and inform your organisation of all developments. You will regularly receive our newsletters in a comprehensible and accessible manner.
Furthermore, we organize training events for all those interested within your organisation. We focus on the substance of the legislation and we consider the practical implementation.
It is possible, upon request, to organise a training course entirely tailored to your organisation’s specific needs.
Our GDPR audit comprises a legal and a technical part. In the legal part, we check the correct application of the GDPR legislation and the Personal Data Protection Act. The technical part concentrates mainly on the cybersecurity of your organisation: how well is your organisation digitally secured?
The main aim of the GDPR audit is to optimize protection of the personal data of those involved and to mitigate the risk of data breaches.
Customized and tailor-made approach
Next to our standard way of working, Privanot also offers tailor-made services in line with the needs of your organisation. Equally, we can assist your own internal officers for data protection (or DPO) in their duties or we can provide you with the required documentation (standard template of a processing register, privacy- and cookie policies, internal procedures…).