Let us streamline your GDPR compliance journey

From project management to expert consulting, along with top-notch GDPR tools and training – we’ve got you covered for success!

Some happy customers (“GDPR Heroes”)

We have over 500 satisfied customers; here are some of them. We’d love to help you too!

GDPR Hero Facket för skogs, trä och grafisk bransch
GDPR Hero Folktandvården
GDPR Hero Civil Rights Defender
GDPR Hero Carbiotix
GDPR Hero Pågen

We will keep you updated

Subscribe to our alert service and get the latest GDPR news!

Want to know how we process your personal data? – Click here!

Alert service

1. Educate yourself

GDPR is easy but there is a lot of faulty or misleading information out there. Do yourself a favor and learn the basics. Above, we’ve gathered 20 very useful minutes from our comprehensive e-learning series. Enjoy!

2. Set up expectations and goals

Lawful processing

Vendor due diligence

Privacy breach readiness

In-house training to minimize human error

* Example picture of a compliance tracker, from the UK privacy authority (ICO)

3. Map out what you do and what you have

Lawful processing

Vendor due diligence

Privacy breach readiness

In-house training to minimize human error

 


 

Do you want more information?

Ready to get started?

4. Documentation (almost) writes itself

Privacy policy

Data breach reporting

Data Subject Access Requests

DPO and compliance team internal audits

5. Audit, Measure, Improve

  • Benchmark
  • Audit
  • Prioritize
  • Assign
  • Show improvement
  • Budget

 


Consent as Lawful Basis for processing personal data

All processing of personal data must have a legal basis. Consent is one of the six lawful bases in the GDPR. One of the most important aspects of personal data processing for organisations is that each processing of personal data must be based on one of the lawful...

What do we need to know about Personal Data Breach Notification?

According to the GDPR, data controllers are required to notify their competent supervisory authority in case of a personal data breach. Notification must be made within 72 hours of the controller becoming aware of the breach. Within this relatively slim time period,...

Data processing agreements

Data processing agreements (DPAs) are essential for organisations that transfer or collect personal data from other organisations, where the purpose is determined by one of the parties. This blog post answers the questions of when a DPA is needed and what...

For how long can we keep personal data?

A common question we receive is “For how long can we store personal data?” The short answer is: “As long as you can motivate and justify your need for the personal data”. It is not possible to specify a specific time limit for all types of personal data, because the...

The right to erasure – some common misconceptions

It is a common misconception that data subjects have an absolute right to demand erasure of their personal data on request, according to Article 17 GDPR. However, this is not the case in practice because there are many exceptions that apply to this right. These are...

How to write a Privacy Policy

Transparency is one of the fundamental principles of the GDPR. All organisations need to ensure that the data subjects have access to information about how they process personal data. The information must be presented in a...

Social media and the GDPR

Social media is often used for targeted marketing. This raises the question of who is responsible for the different processing operations and whether it is possible to avoid responsibility, since there are different actors involved. This blog post aims to clarify the roles and...

Clarification regarding the concepts of controller and processor

An important part of the GDPR is to know whether your organisation is the controller or the processor for a certain processing. In some cases, your organisation might even be a joint controller with another organisation. We have written about this before but it cannot be...

Can we collect personal data concerning our members’ relatives?

We receive many questions regarding relatives’ data. Data concerning relatives can be collected in different contexts. First and foremost, many think that data concerning relatives is collected regarding relatives of employees, but it might be of interest to collect...

How you can process personal data in accordance with the GDPR

In the GDPR, some of the articles only apply to certain categories of personal data. These specialised articles are important to understand in order to process personal data legally. The categories of personal data that are often called sensitive are one of the certain...