Track record of successful GDPR implementations across industries.
VeraSafe will effectively operationalize a risk-based GDPR compliance program for your organization.
Key activities include:
- Data Mapping and Discovery
VeraSafe guides you through a discovery exercise to develop your records of data processing (as required by Article 30 GDPR). These records become an essential information resource throughout your initial GDPR compliance project, and beyond.
- Notice and Consent
VeraSafe will review your organization’s privacy policy and propose improvements to the existing privacy policy, or draft a new one, as necessary, to comply with the GDPR. If consent is the most appropriate legal basis for certain data processing operations in your organization, we will analyze your organization’s current data collection points and recommend ways to implement consent management, or improve the quality of the consent acquired, with respect to the requirements of Article 7 of the GDPR.
- Privacy Rights
VeraSafe will analyze each information system within the scope of your exposure to the GDPR and identify cases where data subject rights (the right to be forgotten; the right to access, correct, or update one’s personal data; the right to restrict processing; etc.) are not supported. Our team will help you score or rank all compliance gaps and develop real-world solutions to address critical compliance risks.
- Vendor Risk Management
The GDPR includes specific obligations that you must pass down to any service organization you engage to process personal data on your behalf. VeraSafe has a mature methodology, including an internal knowledge base covering our approach to successfully negotiating GDPR-compliant data processing addenda with common service providers. Additionally, we help you assess vendor compliance by analyzing their third-party audit reports or vendor security questionnaires.
- Library of SOP Templates
VeraSafe has painstakingly developed a library of data protection-related standard operating procedure templates that can be easily customized to fit your particular circumstances. We also refine your existing procedures to help ensure your operations comply with applicable privacy and cybersecurity laws.
- Data Protection Impact Assessment (“DPIA”)
In certain cases, the GDPR requires a data protection impact assessment to be performed before a new data processing initiative begins. VeraSafe offers complete assistance and impartial advice on your DPIA, in addition to a DPIA template and documented DPIA procedure template for you to use in conducting your own DPIAs.
- Privacy Training for Staff
VeraSafe provides our proprietary all-in-one privacy and security training program: PrivacyTrain. This integrated Learning Management System includes popular computer-based training content, which can be applied across your entire organization. Detailed reporting helps you document and demonstrate compliance.
- Data Protection Officer and EU Data Protection Representative Service
VeraSafe provides both outsourced Data Protection Officer (DPO) services and GDPR Article 27 EU data protection representative services.