Data Protection

We help companies in technology, B2B retail, e-commerce, health-tech, marketing, fin-tech and other sectors implement data protection requirements, including those of the General Data Protection Regulation (GDPR).

Data Protection Officer’s (DPO) service

  • An outsourced data protection officer is appointed to ensure compliance with the provisions of the GDPR and other relevant legislation;
  • The DPO informs and advises the organization and its employees of their data protection obligations under the GDPR;
  • The DPO monitors the organization’s compliance with the GDPR and internal data protection policies and procedures. This will include monitoring the assignment of responsibilities, awareness training, and training of staff involved in processing operations and related audits;
  • Serving as the contact point to data protection authorities for all data protection issues, including data breach reporting.

Data protection impact assessment

  • Conducting an impact assessment for data processing solutions;
  • Data mapping for the new products or services of the company;
  • Evaluating compliance with the GDPR;
  • Assessing whether the company’s software solutions and databases meet the technical and legal requirements of the GDPR.

Data protection documentation

  • Compiling documentation such as records of data processing activities, privacy notices and privacy policies, balance test for Legitimate Interest, retention policy and Data Subject Access Rights (DSAR);
  • Binding Corporate Rules, internal procedures for the possible event of a data breach;
  • Drafting data processing agreements (group company level and external), controller-processor agreements, technical and organizational measures.

Risk management and data security

  • Consulting R&D teams within the development process;
  • Privacy settings by design and by default;
  • Risk management and data security;
  • Technical and organizational measures;
  • Recommending software solutions (anonymization, encryption, records of processing, consent management, cookies, etc.);
  • Handling of privacy incidents (e.g. reporting to the regulatory authorities);
  • Reacting to privacy incidents.

DPO training

  • Providing bespoke DPO training courses based on the client’s profile;
  • Helping the DPO understand the requirements of GDPR applicable to the company;
  • Carrying out a data protection impact assessment for ensuring compliance with regulations.

Hedman

Our memberships:
FinanceEstonia,
Teenusmajanduse Koda,
EstVCA, EstBan, FECC,
IBA & IBA European regional Forum