The General Data Protection Regulation (GDPR) is far-reaching and is the most rigorous new privacy law in 20 years. The GDPR affects organisations in the EU, as well as those that offer goods and services to individuals in the EU or that collect and analyse data related to EU residents, regardless of their location. It is a complex regulation that impacts nearly all businesses.
How can BDO help you be GDPR compliant?
We start by helping organisations understand their GDPR compliance obligations, then create and execute a remediation plan designed to minimise cost and disruption while meeting all requirements. While every plan is customised to each client's unique situation, our main services are aligned to support the most common GDPR compliance requirements, including:
GDPR Readiness
GDPR readiness assessment
Data mapping / data flow diagramming
Article 30 register development and management
Article 6(1) and 9(1) information audit and inventory
Incident response planning and testing
Data protection impact assessments (DPIA) / privacy impact assessments (PIA)
Information security assessments
Privacy program advisory
Outsourced Data Protection Officer (DPO) Services (Art. 37-39)
Development and business alignment
Setup and configuration
Data Protection Officer (DPO) support
GDPR Remediation and Implementation
Data minimisation, retention, erasure and classification policies, and process development
Training and awareness
Privacy internal campaigns
Privacy notices, policies and procedures development
Privacy by design and default
Technical controls implementation
Third-party processor remediation
Review privacy agreements / clauses
Data breach response and notification process planning
International data transfers policies and registers development