The General Data Protection Regulation (GDPR) is far reaching – and is the most rigorous new privacy law in 20 years. The GDPR affects organisations in the EU or those that offer goods and services to individuals in the EU, or that collect and analyse data related to EU residents, regardless of their location. It is a complex regulation that impacts nearly all businesses.

How can BDO help you be GDPR compliant?

We start by helping organisations understand their GDPR compliance obligations, before creating and executing a remediation plan designed to minimize cost and disruption while meeting all requirements. While every plan is specifically customised to meet each of our clients’ unique situations, our main services are aligned to support the most common GDPR compliance requirements, including:

GDPR Readiness

• GDPR readiness assessment
• Data mapping / data flow diagramming
• Article 30 register development and management
• Article 6(1) and 9(1) information audit and inventory
• Incident response planning and testing
• Data protection impact assessments (DPIA) / privacy impact assessments (PIA)
• Information security assessments
• Privacy program advisory

Outsourced Data Protection Officer (DPO) Services (Art. 37-39)

• Development and Business alignment
• Setup and Configuration
• Data Protection Officer (DPO) support 

GDPR Remediation and Implementation

• Data minimisation, retention, erasure and classification policies, and process development
• Training and awareness
• Privacy internal campaigns
• Privacy notices, policies and procedures development
• Privacy by design and default
• Technical controls implementation
• Third-party processor remediation
• Review privacy agreements / clauses
• Data breach response and notification process planning
• International data transfers policies and registers development

Want to know more?