Is your company compliant with the GDPR?
Privatum provides an answer to all your privacy & data protection questions.
Data subject rights
- Do you inform your consumers about the purpose of collecting personal data?
- Do you have procedures in place when a consumer asks for all his personal data?
- Can you guarantee that you can erase all personal data when a consumer asks you to do so?
GDPR principles
- Are you sure that all personal data that you process is gathered in a lawful way?
- Do you only process personal data that you need?
- Are you sure you don’t store personal data longer than needed?
Accountability
- Did you appoint a DPO?
- Do you perform data protection impact assessments?
- Do you keep and maintain a record of processing of personal data?
Organisational measures
- Are your employees aware of the GDPR principles?
- Is privacy by default and privacy by design embedded within your company?
- Do you monitor compliance regularly?
- Do you have privacy policies in place?
Technical measures
- Are your IT infrastructure and applications secure?
- Do you apply rules on password strength and password renewal?
- Is the data on test environments anonymous?
- Do you encrypt personal data when sending it over the internet?
Third party risks
- Do you check if all your suppliers are compliant as well?
- Do you make agreements on data breach notifications with your suppliers?
- Do you know to which third party tools you are sending personal data?
- Do you transfer personal data outside the EU?
DPO as a service
The GDPR introduces a new role: the Data Protection Officer. This role is mandatory when you regularly and systematically monitor data subjects or process sensitive personal data on a large scale. The GDPR makes it possible to outsource this role.
What are the advantages of an external DPO?
- No conflicting priorities nor conflicting interests
- Cost saving
- Efficiency
- Flexibility
GDPR Compliancy check
The GDPR requires your organisation to demonstrate
- how data subjects can execute their rights
- your accountability
- that you respect the main principles of the GDPR
- which organisational and technical measures you take to protect personal data
- how you tackle transfer rights to other companies, foreign subsidiaries and partners
To give you, as an organisation, an idea on how you are scoring on each domain, Privatum created a compliancy check that results in a dashboard and a report on advised improvements.
You can request a Privatum GDPR compliancy check
- as a one time audit to have an idea how compliant your organisation is
- as a recurring monitor mechanism to check the progress on your GDPR compliancy level
This GDPR compliancy check is included in our “DPO as a service” offering.
Privacy audit
In a privacy audit we take a deep dive and investigate how you implemented compliance with the GDPR in your organisation.
Here are a few examples of the checks we will do:
- Evaluate if your record of personal data processes is complete with all required information and up-to-date
- Check your privacy impact assessments
- Discuss your privacy roadmap
- Check how users can execute their rights
- Check your organisational privacy procedures and investigate if your employees know and follow them
- Go through your user privacy policy
The result of this audit is an extensive report with our findings on each check, recommendations to improve, and a list of non-compliant topics ranked by priority.
Privacy consultancy
If you already appointed a DPO, you can still ask for our help
- to perform a data protection impact assessment on a new project
- to be a sparring partner for your DPO
- to strengthen your privacy team
- to share our best practices
- to organise awareness sessions for management and/or employees
- to train your employees
- to help you monitor privacy policies and procedures
User rights assessment
The rights of the data subjects are the most important elements of the GDPR. In a user rights assessment we act as a data subject and test your employees and internal procedures when executing the right to:
- request all the personal data you keep of a data subject
- erase all the personal data you have and exclude from further processing
- withdraw given consents
- object against profiling
The outcome will be a report on our findings and a list of possible improvements.
Why Privatum?
We are independent from any product and vendor and we deliver privacy as a service.
We start from your existing business feature roadmap to introduce privacy by design and privacy by default.
We turn the GDPR from a legal requirement into a business opportunity for your company because optimizing business processes is in our DNA.
We follow a pragmatic and iterative approach to minimize the impact on your daily operational mode and tackle the highest privacy risks first.
To embed privacy and data protection in your organisation, legal advice should not be your only concern. The mindset of your operational and technical people needs to change as well. To implement this change you will need a long-term commitment of inspirational, pragmatic people who take responsibility and are experts in the field.
Our skills
Engagement
Long-term relationship
Pragmatic
Inspired
Responsible
Our skills
Technical expertise
Projectmanagement
GDPR
Change management
Business analysis
KMO Portefeuille
Are you a Flemish SME? Then you are eligible to receive financial support when Privatum supports you in improving your privacy and data protection policy.
Our offices
Klaverbladstraat 7a bus 5, 3560 Lummen
Koloniënstraat 11, 1000 Brussel
Verlorenbroodstraat 122 bus 8, 9820 Merelbeke
+32 13 32 36 49
hello@privatum.be
Contact us
Want to know how Privatum processes your personal information? Please check our Privacy Policy.