Privacy data protection requires an integral approach. It is not a matter of just having a privacy statement, some processing agreements in place, appointment of a Data Protection Officer (DPO) or a Corporate Privacy Officer (CPO).
Privacy legislation with the EU-GDPR being more or less as the global standard, requires that you are in control of all personal data that you use. It holds you accountable for that control.
You need to have oversight on all personal data that you use, to start with; you have to justify to that use vis-à-vis the legal grounds mentioned; you need to have procedures in place to protect the data; you have to train your staff; you have to have IT security in place for all applications holding personal data. All consistent to the level of sensitivity of the data.
Setting this up is one thing. You need to maintain and improve in time, dealing with new requirements and threats as they will materialize.
To have this integral approach, we have developed a special methodology: Privacy Triangulation.
With this model you can assure integrality in the set-up of your privacy compliance as well as in maintaining/improving it as time will require.
We are here for you!
Do not hesitate to contact us with any queries you may have!