Facebook page

Available for speaking engagements and trainings on EU data protection law and the GDPR, as well as for project-based counselling. 

  • Advise on whether and to what extent the General Data Protection Regulation (‘GDPR’) and the future ePrivacy Regulation apply to the activity of the Client;
  • Advise on the appropriate privacy governance structure, taking into account the amount and type of processing activities that involve personal data (including advise on whether the Client is under an obligation to appoint a Data Protection Officer, according to the GDPR);
  • Review of existing privacy policies to comply with the General Data Protection Regulation – provide comments, advice, recommendations, suggest wording if requested;
  • Advise on creating and reviewing the Register of Processing Activities as required by the General Data Protection Regulation;
  • Advise on choosing the appropriate legal basis for processing activities that fall under the GDPR;
  • Advise on possible applicability of the ePrivacy framework to the activity of the Client;
  • Training on EU data protection law, tailored for specific departments (e.g. HR department) or general introduction [this service is subject to a fixed rate, outside the usual hourly rate];
  • Advise on whether a Data Protection Impact Assessment (DPIA) is required by some of the processing activities conducted by Client;
  • Advise on how to conduct a DPIA; review of the DPIA, with recommendations for improvement;
  • Recommend possible measures to implement as required by the Data Protection by Design and Data Protection by Default principles;
  • Advise on issues that may be raised by transfers of personal data from the EU to third countries (such as appropriate legal basis for the transfer, how to handle requests from individuals);
  • Advise on setting up a procedure to reply to requests from EU persons in the exercise of their rights (e.g. access to their own data, erasure of their own data etc.);
  • Advise on controller-processor clauses appropriate for Article 28 GDPR clients, for those processing activities where Client is controller as well as for those where Client is processor;
  • Advise on joint-controllership clauses, where Client is joint-controller with another entity;
  • Analyze particular situations and questions related to EU data protection, to the best of her knowledge (e.g. ‘Is this data we are processing personal data?’; ‘Is this data sensitive’; ‘Must employees in Europe have any expectation of privacy?’ etc);
  • General advice on all EU data protection law issues that may affect the client.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.