All photography provided by Jared Chambers
WHETHER OR NOT YOUR ORGANIZATION IS REQUIRED TO COMPLY WITH ARTICLE 37 OF THE GDPR, DECIDING TO APPOINT A QUALIFIED* DPO CAN ULTIMATELY DETERMINE YOUR RISK OF A SERIOUS GDPR VIOLATION AND STRONGLY IMPACT BOTH YOUR INTERACTION WITH YOUR SUPERVISORY AUTHORITY AND THE SIZE OF A FINE:
- Your selection of a qualified DPO (Data Protection Officer) is a process that must be documented for review by regulators in the EU jurisdictions where your company operates and will need to satisfy the requirements of the most stringent EU jurisdiction in which you process personal data.
- An experienced DPO who can guide organizational Data Mapping and Privacy Impact Assessment (PIA) exercises can quickly produce valuable intelligence on how best to target your limited compliance resources.
- Appointing a DPO whose experience aligns with the complexity of the organization and promptly undertaking these key GDPR compliance assessments also demonstrate unequivocal and active compliance objectives to EU regulators.
- An appointed DPO, where required under the Article 37, will exercise significant oversight and influence onstrategic business operations. With high regulatory fines for failure to appoint a qualified person and restrictions to prohibit arbitrary removal (both selection and removal must be documented), this resource must be carefully chosen, not the least because you will identify ths individual to your supervisory regulator asyour primary point of regulatory contact.
*Appointing an unqualified DPO not capable of fulfilling its statutory obligations may trigger the same administrative fine level as the failure to appoint a DPO.
The following specific project offerings can help you assess your company's overall risk and compliance gap before establishing a DPO relationship under the GDPR.
basic GDPR Risk Assessment
In-House Privacy Risk Assessment:
$10,000 consulting fee for up to 40 hours of dedicated consulting time to identify significant risk areas and jurisdictions specific to your company and business activities. After mapping your data flows, our consultant will produce a detailed compliance risk "heat map" and related short term recommendations. (basic fee applicable only to entities with 10 relevant compliance jurisdictions or less)
GDPR compliance program design
Whether implementing a compliance solution for your cross-border transfer of HR-related PII, or preparing a strategic compliance plan to address Privacy Shield concerns or the upcoming enforcement of the EU GDPR, our standard consulting rate of $300 per hour allows you to complete your compliance project in a cost effective way, controlling and targeting your use of foreign legal counsel resources.
(Minimum Engagement 10 Hours)