All photography provided by Jared Chambers
WHETHER OR NOT YOUR ORGANIZATION IS REQUIRED TO COMPLY WITH ARTICLE 37 OF THE GDPR, DECIDING TO APPOINT A QUALIFIED* DPO CAN ULTIMATELY DETERMINE YOUR RISK OF A SERIOUS GDPR VIOLATION AND STRONGLY IMPACT BOTH YOUR INTERACTION WITH YOUR SUPERVISORY AUTHORITY AND THE SIZE OF A FINE:
- Your selection of a qualified DPO (Data Protection Officer) meeting the requirements of Article 37 is a process that must be documented for review by regulators in any of the EU jurisdictions where your company handles personal data and meet the standards of the most stringent EU jurisdiction in which you process personal data.
- An experienced DPO who can guide organizational Data Mapping, Data Inventory and Privacy Impact Assessment (PIA) exercises can quickly produce valuable intelligence on how best to target your limited GDPR compliance resources.
- Appointing a DPO whose experience aligns with the complexity of the organization is required under the GDPR and promptly engaging a DPO to immediately undertake these key GDPR compliance assessments also helps demonstrate an active compliance commitment to EU regulators.
- An appointed DPO, where required under the Article 37, will exercise significant oversight and influence on strategic business operations. With high regulatory fines for failure to appoint a qualified person and restrictions to prohibit arbitrary removal of a DPO once appointed, this resource must be carefully chosen, not the least because you will identify this individual to your supervisory regulator as your primary point of regulatory contact.
*Appointing an unqualified DPO not capable of fulfilling its statutory obligations may trigger the same administrative fine level as the failure to appoint a DPO.
The following specific project offerings can help you assess your company's overall risk and compliance gap before establishing a DPO relationship under the GDPR.
basic GDPR Risk Assessment
In-House Privacy Risk Assessment:
$10,000 consulting fee for up to 40 hours of dedicated consulting time to identify significant risk areas and jurisdictions specific to your company and business activities. After mapping your data flows, our consultant will produce a detailed compliance risk "heat map" and related short term recommendations. (basic fee applicable only to entities with 10 relevant compliance jurisdictions or less)
GDPR compliance program design
Whether implementing a compliance solution for your cross-border transfer of HR-related PII, or preparing a strategic compliance plan to address Privacy Shield concerns or the upcoming enforcement of the EU GDPR, our standard consulting rate of $300 per hour allows you to complete your compliance project in a cost effective way, controlling and targeting your use of foreign legal counsel resources.
(Minimum Engagement 10 Hours)