Your company GDPR-ready in 4 steps.

With the GDPR compliance services and solutions at Chao Legal, I give you practical advice on how to protect personal data. By following four clear, practical steps you will be able to comply with the GDPR and avoid penalties and reputational damage:

  • Step 1: Start with making a personal data inventory
  • Step 2: Make a GDPR gap assessment
  • Step 3: Set the right priorities for GDPR compliance
  • Step 4: Become compliant, and stay compliant

1. Start with making a personal data inventory

Do you know exactly what personal data are collected by your organization, what they are used for, where they are stored and to whom they are transferred? GDPR compliance starts with having a clear overview of your organization’s use of personal data. However, in my experience, many organizations do not have full insight into this. I can help map your organization’s personal data by means of:

  • interviews with relevant stakeholders, and
  • assistance with preparing and reviewing the personal data records, which is one of the important requirements of the GDPR.

2. Make a GDPR gap assessment

The second step in GDPR compliance is to determine what the ‘GDPR gaps’ are for your organization, and to define the concrete actions needed to become GDPR compliant. I can provide you with:

  • an extensive privacy risk assessment, or
  • a GDPR quick scan (high-level assessment),

depending on the sector, size and specific wishes of the client.

3. Set the right priorities for GDPR compliance

Now that you know what the gaps are, it is time to set the right priorities for GDPR compliance, on the basis of the risk levels, implementation costs and your business environment. I have helped numerous clients with defining priorities, preparing a GDPR implementation plan, and implementing each of the steps. The top three topics in the implementation plans are usually:

  1. Internal record of processing activities;
  2. Privacy policies (internal and external);
  3. Data processing agreements with external processors.

4. Become compliant and stay compliant

After becoming compliant with the GDPR, it is also important to stay compliant. It all starts and ends with awareness! Make sure that all employees and other stakeholders become (and stay) aware of their roles and responsibilities regarding privacy, and follow the applicable procedures in order to stay compliant with the GDPR. I can help you with drafting and implementing procedures, and I regularly give (in-house) privacy awareness training sessions. If requested, I can also assist in privacy audits as a subject matter expert.

Hire me as a privacy lawyer

Hire me as a privacy lawyer if you need help in understanding the practical implications of the GDPR for your business.

Ask for a privacy lawyer

Send me a message if you are looking for a privacy lawyer, privacy officer, or DPO for your business.