Personal Data Protection

Any business that processes personal data is expected to remain accountable for its data processing practices. Customers and suppliers often wish to see evidence of this, especially in data-intensive transactions. Non-compliance with the applicable data protection rules can attract significant penalties that can have a detrimental financial as well as publicity effect on your business.

How I can help you

I provide comprehensive legal services in the field of personal data protection, ensuring your compliance with the applicable rules. This includes mainly assistance with privacy notices, records of processing activities, data protection impact assessments and international data transfer formalities. Given my experience in this field, I can also act as your Data Protection Officer or EU representative.

 

More specifically:

I can assist you with the following:

  1. GDPR Compliance: Despite the complexity of the applicable personal data protection rules, companies are expected to comply with them. Given my experience in this field, I assist companies in making sure they understand the applicable data protection principles, have adopted the required processes and documents, and remain compliant.
  1. Privacy Policy and Cookie Policy: Organisations that process personal data are required to provide to individuals certain details about their processing activities and the individuals’ rights in respect of their data. This information is usually set out in the company’s privacy policy, which I can draft for you.
  1. Record of processing activities (ROPA): In essence, this is a data mapping exercise. Among other things, a ROPA should set out the details of categories of personal data that you process, the purposes of processing, and the categories of recipients to whom data will be disclosed. Typically, its outcome will be a comprehensive spreadsheet giving you a clear overview of your data processing activities.
  1. Data protection impact assessments (DPIA): In certain circumstances (namely where the data processing activities pose a higher risk to the individuals’ rights and freedoms), you may be required to carry out a DPIA. Some businesses choose to carry out a DPIA in any case to show their accountability. This is a living document that should be reviewed regularly.
  1. International transfers of personal data: Whilst transferring personal data is possible under the GDPR, the rules for doing so are notoriously complex. I can assist you in understanding this area and, depending on the recipient’s country, help you adopt and apply the appropriate data transfer mechanism.
  1. Data Protection Officer (DPO) as a service: Certain organisations and types of processing require the appointment of a DPO. A DPO advises on and monitors the organisation’s compliance with the rules, and cooperates with the supervisory authority on data processing issues. Some businesses choose to appoint a DPO in any case to show their accountability. A DPO need not be an employee and can be externally appointed.
  1. EU Representative as a service: Non-EU companies that process EU citizens’ personal data are required to appoint a representative based in the EU. The representative serves as the company’s point of contact for the individuals concerned as well as for supervisory authorities. I’m a director of an EU-based limited company and can therefore act as your EU Representative.

I can of course assist in other related matters not listed above. Please do reach out to me and I will be happy to hear your concerns and discuss possible solutions.

Recent experience:

Participated in advising the engineer and manufacturer of humanoid Sophia on personal data protection, recommending a strategy to ensure the client’s compliance with the General Data Protection Regulation.

Act as the data protection officer for a provider of an online platform providing tools that streamline client onboarding. Regularly assist the client in preparing and reviewing its personal data protection documents and policies ensuring compliance with the applicable data protection rules.

Participated in advising a regional internet registry on GDPR compliance and anonymisation of publicly accessible records.
