Compliance with the general data privacy regulation is mainly a legal obligation for organizations, but it can also bring serious business advantages.

If an organization treats personal information in its possession responsibly, it reflects trust to its partners.


  1. The main goal of GDPR projects for the organizationsis to comply with the legal obligations, and for them to be able to prove the compliance to the authorities.
  2. Data protection must become as determining through product and service development as it is for general operations.
  3. A change of attitude is required for members of the organizations, compliance shouldn’t only manifest on the created documents.
  4. Compliance needs to serve the long term goals of customers.
  5. From the first steps towards compliance, involvement of members of the organization is crucial.
  6. During the creation of compliance, focus have to be on thorough and complete practical execution, over complicating the problem should be avoided.


Our GDPR–compliance services consist of the following six main activities:


1. Define GDPR compatibility goals:

Identify the relevant fields and roles regarding GDPR in accordance with the activities and partnerships of the organization.


2. GDPR survey:

Examine the business processes which contains data processing, identify processed data categories– create a data processing map.


3. Examine GDPR compliance on the following fields:

  • Compliance with principles
  • Managing the rights of data subjects
  • Obligation to inform
  • Organizational, personal, technological compliance
  • Managing personal data breaches
  • Relations with the authorities


4. Process / system level GAP – analysis, creation of technological and organizational action plan:

  • Define actions regarding processes, regulations and information necessary for GDPR compliance based on the survey.
  • Define tasks with specific responsibilities (data protection record, data protection impact assessment, data protection officer, special international affairs management).


5. Complete tasks, revealed during the course of the GAP – analysis, for example:

  • Design data processing record in accordance with GDPR
  • Formulate and prepare to disclose GDPR compatible information materials.
  • Develop consent statements system
  • Creating the necessary procedures and regulations for handling data subject rights.
  • Development and modification of general (privacy policy, development policy e.g.) and IT (IT security regulation, BCP/DRP, archiving/saving policy, document handling/scrapping, IT asset management regulation) regulation elements.
  • Regulation of handling, notification and recording of personal data breaches, and of informing the data subjects.
  • Creating a prospectus about the data processor principles and the security measures.
  • Complete contract templates


6. Specify IT development requirements needed for compliance:

High level requirement specifications of IT developments needed for GDPR compliance.


We successfully completed many GDPR compliance projects for our customers in different industries, such as pharmaceutical industry, IT sectorand state administration. We assisted our business partners in solving a wide range of tasks: promoting software compliance, conducting GDPR – audit, attaining process compliance, reviewing data processor contracts.