VeraSafe CBPR and PRP Systems Dispute Resolution Procedure

1. Introduction.

1.1. This VeraSafe Dispute Resolution Procedure (this “Procedure”) is provided and administered by VeraSafe, LLC (“VeraSafe”). It combines facilitation, mediation, and review for the resolution of complaints alleging that a Participant in the APEC CBPR System Certification Program, APEC PRP System Certification Program, Global CBPR System Certification Program or Global PRP System Certification Program (each, an “Applicable VeraSafe Program”) has failed to comply with the Applicable System Requirements (as defined below), whether as a Controller (as defined below) certified under the CBPR (as defined below) System or as a Processor (as defined below) certified under the PRP (as defined below) System. The Procedure is designed to support compliance with the Applicable System Requirements and does not involve arbitration, legally binding awards, or judicial processes. VeraSafe does not act as an arbitrator or legal adjudicator under this Procedure. This Procedure applies to Participants in their capacity as Controllers or Processors, as defined under the CBPR and PRP Systems respectively. When evaluating Complaints against a Processor, VeraSafe will assess compliance with the Applicable PRP System Requirements, which include obligations to act only under the instructions of a Controller and to implement appropriate safeguards. When evaluating Complaints against a Controller, VeraSafe will assess compliance with the Applicable CBPR System Requirements.

1.2. By participating in the Procedure, the Parties agree as follows:

2. Definitions.

2.1. The following definitions apply to the Procedure:

  1. “Accountability Agent” means an independent third-party organization or entity authorized to certify that a company complies with the CBPR System and/or PRP System.
  2. “Annual Procedure Report” means the yearly public report that may be prepared by VeraSafe summarizing activity under the Procedure, including Complaint outcomes, referrals, and anonymized case notes.
  3. “Applicable CBPR System Requirements” means the program requirements established under the APEC Cross-Border Privacy Rules System or the Global Cross-Border Privacy Rules System, as applicable.
  4. “Applicable PRP System Requirements” means the program requirements established under the APEC Privacy Recognition for Processors System or the Global Privacy Recognition for Processor Systems, as applicable.
  5. “Applicable System Requirements” means the requirements for the applicable Program, such as the APEC CBPR System Requirements, the Global CBPR System Requirements, the APEC PRP System Requirements or the Global PRP System Requirements.
  6. “CBPR” means the APEC Cross-Border Privacy Rules or the Global Cross-Border Privacy Rules.
  7. “Claim” means the subject matter of a Complaint, including the allegations and supporting information provided by the Complainant, as well as any subsequent documentation or defenses submitted by the Participant.
  8. “Complainant” means a person who has filed a Complaint with VeraSafe under the terms of the Procedure.
  9. “Complaint” means an allegation of non-compliance with Applicable System Requirements registered with VeraSafe under the terms of the Procedure.
  10. “Controller” means an entity that determines the purposes and means of the processing of Personal Information.
  11. “Credible Evidence” means purported facts that, when viewed in light of surrounding circumstances, are highly and substantially likely to be true.
  12. “Participant” means a member of the VeraSafe APEC CBPR Certification Program, the VeraSafe Global CBPR Certification Program, the APEC PRP System Certification Program or the Global PRP System Certification Program who is in good standing in a Program.
  13. “Party/Parties” means the Complainant and the Participant.
  14. “Personal Information” means information about an identified or identifiable individual.
  15. “Procedure Hearing” means a hearing conducted by VeraSafe in accordance with the terms of Section 8.
  16. “Procedure Submissions” means all documents, writings, briefs, evidence, and other material, submitted to the Procedure by the Parties in accordance with Section 5.3, or by VeraSafe.
  17. “Processor” means an entity that processes Personal Information on behalf of a Controller.
  18. “Program” or “Programs” mean, individually one of, or collectively all of, the VeraSafe APEC CBPR Certification Program or the VeraSafe APEC PRP System Certification Program.
  19. “PRP” means the APEC Privacy Recognition for Processors or the Global Privacy Recognition for Processors.
  20. “Settlement Agreement” means a written agreement reached by the Parties as resolution of a Complaint.

2.2. Capitalized terms not defined herein have the definition ascribed to them in the Applicable System Requirements.

3. No Guarantee.

3.1. VeraSafe can offer no guarantee that the outcome of the Procedure will be an outcome with which either Party, or the Parties, will be satisfied. By utilizing the Procedure, the Parties agree that neither VeraSafe nor any of its non-Party affiliates has any liability for the outcome of the Procedure.

4. Permitted Outcomes.

4.1. The Parties agree that the possible outcomes that a Complainant may seek via the Procedure and the maximum relief that VeraSafe shall assign in a Procedure Hearing are limited to the following permitted outcomes (the “Permitted Outcomes”). Permitted Outcomes are only those that may require:

  1. the effects of non-compliance with the Applicable System Requirements to be reversed or corrected by the Participant;
  2. that future data processing by the Participant be in conformity with the Applicable System Requirements;
  3. that the Participant cease processing Personal Information of the Complainant;
  4. that the Participant delete the Complainant’s Personal Information that was processed contrary to the Applicable System Requirements;
  5. VeraSafe’s publicizing the Participant’s non-compliance with the Applicable System Requirements, as applicable;
  6. the temporary suspension and/or removal of the Participant’s license to display a seal that displays certification to the APEC Cross-Border Privacy Rules System, to the Global Cross-Border Privacy Rules System, the APEC Privacy Recognition for Processors System or the Global Privacy Recognition for Processor System;
  7. the Participant to comply with other injunctive orders; and/or
  8. other penalties, including monetary penalties, as deemed appropriate by VeraSafe.

5. Complaint Filing Procedure.

5.1. Prior to Filing Complaint. Complainants are encouraged to read the Participant’s privacy policy or privacy notice entirely before filing a Complaint with VeraSafe.

5.2. Information Required for Complaint. Complainants are required to provide certain information to VeraSafe in order to successfully file a Complaint under the Procedure. Specifically, the Complaint must:

  1. allege the Participant’s failure to comply with the Applicable System Requirements of a Program in which the Participant is in good standing;
  2. include the desired outcome that is being sought;
  3. include the fullest possible account of facts and events giving rise to the Complaint;
  4. if any damages and/or harm are alleged, include specific details of the harm and/or damages;
  5. include valid contact information for the Complainant;
  6. include authorization to share the Complaint with the Participant;
  7. include all available documentation to support the Complaint;
  8. include a declaration, under penalty of perjury under the laws of the United States of America, that all information submitted to or filed with VeraSafe under the Procedure is true and correct; and
  9. indicate whether the Complainant consents to share any Personal Information with the relevant enforcement authority in connection with a request for assistance.

5.3. Medium for All Procedure Submissions.

  1. Complaints may only be initiated by submitting the required information to VeraSafe via one of the following methods:
    1. VeraSafe’s online complaint form located at: https://verasafe.com/public-resources/dispute-resolution/submit-dispute/; or
    2. Email at: [email protected].
  2. VeraSafe will provide correspondence to the Parties electronically by email.
  3. The Parties shall make all Procedure Submissions electronically.
  4. Correspondence and other Procedure Submissions shall be considered delivered to the recipient immediately upon their electronic transmission by the sender.

5.4. Notification of Determination. Upon determining whether a Complaint is within scope, VeraSafe shall notify the Complainant of the outcome of its determination.

5.5. Confidentiality and Timelines. All Complaints and Procedure Submissions shall be handled in a confidential and timely manner. VeraSafe will use reasonable efforts to process and resolve all Complaints within 90 calendar days of the Eligibility Determination (as defined below), unless circumstances require additional time, in which case the Parties shall be informed. If the 90-day timeframe cannot be met due to exceptional complexity or external dependencies, VeraSafe will provide an estimated resolution date to the Parties.

6. Eligibility.

6.1. Eligible Complainant. For a Complainant to be eligible to file a Complaint under the Procedure, the Complainant must be above 12 years of age at the moment the Complaint is filed under the Procedure.

6.2. Eligible Complaint. For a Complaint to be eligible, the Complaint must:

  1. contain all the information required under Section 5.2;
  2. name a Participant that is in good standing in an Applicable VeraSafe Program as a defendant in the Complaint;
  3. concern a Participant’s obligations under an Applicable VeraSafe Program;
  4. not solely rely on relief or outcomes beyond those permitted under the Procedure, with the understanding that VeraSafe is only authorized to grant the Permitted Outcomes described in Section 4.1.;¹
  5. have been attempted to be resolved by the Complainant, acting in good faith, directly with the Participant in accordance with Section 6.3;
  6. be filed under the Procedure for the first time, except for Complaints alleging a Participant’s failure to comply with a previous Settlement Agreement; and
  7. not have been previously resolved or settled by court action, arbitration, or other form of dispute resolution.

6.3. Prior Good Faith Attempt to Resolve Complaint. Complainants must make a good faith effort to resolve the dispute directly with the Participant before filing the Complaint with VeraSafe. This may include, for example, submitting a concern through the Participant’s designated privacy contact, customer support channel, or other publicly available means of communication. A single outreach attempt is generally sufficient to satisfy this requirement. If VeraSafe determines, in its sole discretion, that no good faith effort attempt to resolve the dispute has been made, VeraSafe will:

  1. direct the Complainant to try to resolve the Complaint with the Participant directly;
  2. advise the Complainant that he or she can re-file the Complaint as outlined herein if the attempt to resolve the Complaint with the Participant does not yield satisfactory results; and
  3. dismiss the Complaint without prejudice.

6.4. Eligibility Determination. If the requirements of Section 6.2 are met with respect to a Complaint, VeraSafe will, in its sole discretion, make a determination as to whether enough information is included therein to sustain the complaint (an “Eligibility Determination”). If the Complaint is found to be ineligible, VeraSafe will close the Complaint and promptly notify the Complainant of the outcome. If VeraSafe concludes that additional information is needed to sustain the Complaint, it shall promptly contact the Complainant and advise him or her of the need for further information. If VeraSafe does not receive the requested information within 15 business days of its request, it shall advise the Complainant that it cannot proceed.

6.5. Complainant’s Right to Appeal the Eligibility Determination. Complainants have the right to appeal the Eligibility Determination within 10 business days of receiving the Eligibility Determination. If the Complainant can furnish Credible Evidence to VeraSafe that a material error was made in the Eligibility Determination, VeraSafe will duly re-examine the Complaint and make a final Eligibility Determination.

6.6. Coordination with Other Accountability Agents. If an eligible Complaint requires input from or otherwise involves other Accountability Agents recognized by the Asia-Pacific Economic Cooperation, VeraSafe will coordinate with such Accountability Agents to determine the appropriate procedure for evaluating the Claim, as appropriate and where possible. If coordination requires a delay in VeraSafe’s response timeframes, VeraSafe will notify the Complainant of the reason and expected timeline for resuming the Procedure.

6.7. Forwarding of Processor-Related Complaints. Where the Complaint is submitted by an individual and concerns the processing of that individual’s Personal Information by a Participant certified under the APEC PRP System Certification Program or the Global PRP System Certification Program (i.e., acting as a Processor), VeraSafe shall:

  1. in a timely manner, forward the Complaint either (i) to the Participant and verify that it has been forwarded to the applicable Controller if identified, or (ii) directly to the applicable Controller, if appropriate and known;
  2. provide written notice to the Complainant and the Participant when such forwarding has occurred; and
  3. obtain the Complainant’s consent before disclosing Personal Information to any government or privacy enforcement authority in connection with the Complaint.

6.8. Complaints from Controllers. VeraSafe also accepts Complaints from Personal Information Controllers, including where a Processor Participant may have failed to meet its obligations under the APEC PRP System or the Global PRP System. These Complaints will be processed under the Procedure in the same manner as individual Complaints, with adjustments as necessary to reflect the Controller’s role in the relationship.

7. Consultative Mediation.

7.1. Participant’s Response to Complaint. Complaints that are found to be eligible will be shared by VeraSafe with the Participant. The Participant must file its response to the Complaint (“Response to Complaint”) with VeraSafe within 20 business days, which VeraSafe will share with the Complainant. The Response to the Complaint shall either:

  1. defend the Participant’s actions as permissible under the Applicable System Requirements;
  2. dispute the validity of information presented in the Complaint and provide all available documentation to support the dispute; or
  3. admit fault and agree to remedy the alleged breach of the Applicable System Requirements.

7.2. Participant’s Failure to Respond. If the Participant fails to file a timely Response to Complaint, the failure to comply with the Procedure will be duly noted in the next Annual Procedure Report, and VeraSafe shall refer the matter to the appropriate government agency pursuant to Section 11.

7.3. Complaint Investigation. VeraSafe will conduct a review of the Complaint and the Participant’s response, and may investigate the facts and circumstances surrounding the Complaint. This investigation may include interviews, review of supporting documentation, and requests for clarification or additional information from either Party. The purpose of this investigation is to determine whether there is Credible Evidence of non-compliance with the Applicable System Requirements and to support resolution of the Complaint. VeraSafe may, at its discretion, share the outcome of the investigation or a summary thereof with the Parties prior to the Mediation Teleconference or Procedure Hearing.

7.4. Mediation Teleconference. If a Complainant is not satisfied with the Response to Complaint, the Complainant may file with VeraSafe a request for a mediation teleconference (“Mediation Teleconference”) within 10 business days of receiving the Response to Complaint. The Mediation Teleconference is an informal process to re-examine the Complaint and guide the Parties towards a mutually agreeable solution or settlement. VeraSafe will provide and appoint a mediator to lead the Mediation Teleconference. VeraSafe will schedule the teleconference with due regard for the schedules of the Parties and will notify the Parties of the scheduled time and date no less than 15 days prior to the scheduled Mediation Teleconference.

7.5. Possible Outcomes of Mediation Teleconference.

  1. Complainant Failure to Comply: Closed by Default. If the Complainant fails to appear at the scheduled time of the Mediation Teleconference or comply with the Mediation Teleconference procedure described in Section 7.4, it will be assumed that the Response to Complaint has satisfied the Complainant, and the Complaint will be closed by default and the Parties duly notified.
  2. Participant’s Failure to Comply: Referral to Governmental Agency and Closed by Referral. If the Participant fails to appear at the scheduled time of the Mediation Teleconference or comply with the Mediation Teleconference procedure, the failure to comply with the Procedure will be duly noted in the next Annual Procedure Report, and VeraSafe shall refer the matter to the appropriate government agency pursuant to Section 11.
  3. Mutual Settlement Agreement: Closed by Settlement. If the Parties reach an agreement during the Mediation Teleconference, VeraSafe will record the Settlement Agreement parameters and notify both parties in writing of the terms of the Settlement Agreement, as decided by the Parties, within 5 business days of the Mediation Teleconference or as soon as practicable thereafter. The Complaint will then be closed by settlement.
  4. No Settlement Reached. Prior to the closure of a dispute but no later than 10 business days after a Mediation Teleconference, a Complainant may file with VeraSafe a request for a Procedure Hearing, including a detailed brief (the “Brief”) describing the complaint. If no Settlement Agreement is reached during the Mediation Teleconference and the Complainant has not requested a Procedure Hearing within 10 business days of the Mediation Teleconference, it will be assumed that the Response to Complaint has satisfied the Complainant, and the Complaint will be closed by default.

8. Procedure Hearing.

8.1. Overview. In a Procedure Hearing, one or more VeraSafe officers (collectively, the “Hearing Officer”) will review the Complaint and all Procedure Submissions in a fair and impartial way and determine if clear, convincing, and satisfactory evidence is present to support the Section 5.2 allegation made in the Complaint.

8.2. Procedure Hearing Officer.

  1. The Hearing Officer shall hold a current CIPP/US or CIPM credential from the International Association of Privacy Professionals (IAPP) or hold a Juris Doctor from an American Bar Association accredited law school. For more information on the IAPP credentialing programs, see the IAPP website.
  2. The Hearing Officer shall be impartial and neutral in the application of the Procedure.

8.3. Exchange of Brief and Rebuttal. Upon receipt of the request for a Procedure Hearing, VeraSafe will forward the Brief to the Participant. The Participant shall provide a rebuttal to VeraSafe within 10 business days of receiving the Brief.

8.4. Late Filings and Extensions. If a Party submits required information after the specified time limits, the untimely information shall not be submitted to the Hearing Officer unless VeraSafe grants an extension for good cause. In lieu of such untimely Procedure Submissions, the Hearing Officer will proceed to use all other available Procedure Submissions in making its decision with respect to the Complaint (the “Hearing Decision”).

8.5. Procedure Hearing Administration and Procedure.

  1. Information and Investigation.
    1. Request for Information. The Hearing Officer may request additional information or seek clarification from either Party regarding the Procedure Submissions.
    2. VeraSafe Investigative Analysis. An independent team at VeraSafe may impartially investigate the Procedure Submissions and furnish to the Hearing Officer its analysis of the validity of each essential fact presented in the Procedure Submissions. The results of such investigation shall then be included as a Procedure Submission for the Procedure Hearing.
  2. Hearing Decision and Burden of Proof.
    1. Substantiated Complaints. If in due examination of the Procedure Submissions, and in due consideration of the totality of the circumstances, the Hearing Officer determines that the available evidence does clearly, convincingly, and satisfactorily substantiate the allegations made in the Complaint in accordance with the requirements of Section 5.2 hereof, the Hearing Officer will issue a reparation order (the “Reparation Order”) requiring the Participant to comply with one or more Permitted Outcomes, as appropriate to the circumstances. The Parties will be notified of the Reparation Order. The Reparation Order is a non-binding resolution issued by VeraSafe in its capacity as an Accountability Agent and does not carry the force of law or judicial enforceability.
    2. No Action Taken. If in due examination of the Procedure Submissions, and in due consideration of the totality of the circumstances, the Hearing Officer determines that the available evidence does not clearly, convincingly, and satisfactorily substantiate the allegations made in the Complaint in accordance with the requirements of Section 5.2 hereof, the Complaint will be closed as “Closed – No Action Taken” and the Parties duly notified.

9. Participant’s Performance of Reparation Order or Settlement.

9.1. Compliance Monitoring. VeraSafe will monitor the Participant’s compliance with any Reparation Orders and Settlement Agreements.

9.2. Participant’s Non-Compliance. If the Participant fails to comply with a Settlement Agreement or Reparation Order issued under the Procedure, the failure to comply with the Procedure will be duly noted in the next Annual Procedure Report and VeraSafe shall refer the matter to the appropriate government agency pursuant to Section 11.

10. Complaint Closure.

10.1. VeraSafe will notify the Parties when the Complaint has been resolved, whether by Settlement Agreement, Hearing Decision, or other closure.

10.2. VeraSafe will close the Complaint when:

  1. VeraSafe determines that the Complaint or Complainant is not eligible pursuant to Section 6;
  2. VeraSafe determines that additional information is needed to substantiate the Complaint and that such information was not timely received by VeraSafe pursuant to Section 6.4;
  3. the Complainant withdraws the Complaint;
  4. the Parties have reached a Settlement Agreement and VeraSafe has Credible Evidence that the Participant has complied with the Settlement Agreement within a reasonable time;
  5. the Hearing Officer for the Complaint has issued a Hearing Decision and if a Reparation Order has been issued, VeraSafe has Credible Evidence that the Participant has complied with the Reparation Order within a reasonable time;
  6. VeraSafe has referred the matter to a government agency pursuant to Section 11; or
  7. the Complainant materially breaches any term(s) of the Procedure.

11. Referral to Government Agencies and Cooperation with Other Accountability Agents

11.1. Subject to Section 11.2, VeraSafe may, in its sole discretion, refer matters to appropriate government agencies if:

  1. the Participant refuses to comply with the Procedure in regard to a Complaint that has been filed with VeraSafe; or
  2. VeraSafe determines that the Participant has failed to comply with a Settlement Agreement or Reparation Order issued under the Procedure within a reasonable time.

11.2. Before referring any matter to the appropriate government agency, VeraSafe must first notify the Participant of the intended referral and give the Participant a reasonable opportunity of at least 10 business days to cure any breach or failure to perform under the Procedure.

11.3. Reports of referrals to government agencies shall be included in VeraSafe’s Annual Procedure Report.

11.4. Where appropriate and possible, VeraSafe shall cooperate on complaint processing with other Accountability Agents, as needed, in accordance with the Applicable System Requirements.

12. Public Reporting.

12.1. VeraSafe shall publish its Annual Procedure Report when there is relevant data to report and shall communicate the contents of each report to the appropriate privacy enforcement authority and relevant government agency. Annual Procedure Reports will not be published when no Complaints have been filed under the Procedure. Annual Procedure Reports shall:

  1. provide a statistical summary of the number and nature of Complaints filed under the Procedure during the period;
  2. provide a statistical summary of the number and nature of Settlement Agreements and Reparation Orders issued under the Procedure during the period;
  3. provide a statistical summary of the number and nature of Complaints deemed ineligible during the period pursuant to Section 6, including the specific reason(s) for determinations of ineligibility;
  4. for each Complaint that VeraSafe refers to a government agency pursuant to Section 11 during the period, provide a summary (including the Participant’s name) of the nature and outcome of the Complaint;
  5. provide a statistical summary of the number of Complaints during the period that took longer than 3 months to resolve;
  6. include, in anonymized form, case notes on a selection of closed Complaints and Complaints during the period where Settlement Agreements and Reparation Orders were issued under the Procedure, illustrating typical or significant interpretations and notable outcomes; and
  7. be published online on VeraSafe’s website.

12.2. The statistical summaries described in Section 12.1 hereof shall be comprised solely of aggregated anonymous data. If the number of Complaints received in a given period does not allow such anonymity, VeraSafe may provide an alternative or forgo such statistical summaries.

13. Confidential Information and Data Retention.

13.1. Other than the Hearing Decisions and except as noted in Sections 11 and 12, all Procedure Submissions, deliberations, meetings, proceedings, and writings with respect to a Complaint filed under the Procedure shall be treated as confidential by VeraSafe.

13.2. The Parties agree that during the application of the Procedure they will treat any information provided to them by VeraSafe as confidential, and that they will not share such information with anyone other than those persons directly involved in the handling of the Complaint.

13.3. VeraSafe will retain all relevant Complaint records, Procedure Submissions, and related documentation for a minimum of 5 years from the date of Complaint closure, in secure storage and accessible format, to support audits, reviews, or further regulatory actions.

14. Complainant’s Right to Withdraw.

14.1. A Complainant has the right to withdraw its Complaint at any time during the application of the Procedure by submitting to VeraSafe a request to withdraw the Complaint.

  1. The complaint will then be closed as “Closed – Withdrawn,” and the Parties will be notified electronically.

15. Limitation of VeraSafe’s Liability.

15.1. Except in the case of deliberate wrongdoing, and except to the extent that such a limitation of liability is prohibited by applicable law, and with the knowledge that VeraSafe’s application of the Procedure is for the benefit of the other Parties involved and not for the benefit of VeraSafe, the Parties acknowledge and agree that the following are not liable for any act or omission in connection with the Procedure: VeraSafe, its affiliates, or its or their directors, officers, employees, contractors, other staff, or counsel (collectively, the “VeraSafe Representatives”).

16. Waiver of Subpoena.

16.1. By participating in the Procedure, the Parties agree that they will not subpoena any of the following in any legal proceeding arising out of the matters at issue in the Procedure or Complaint: any VeraSafe Representative or any records relating to the Procedure.

17. Language.

17.1. VeraSafe will conduct the Procedure in English but will provide translation services as necessary.

18. Hold Harmless.

18.1. The Participant agrees to hold the VeraSafe Representatives harmless from any liability, loss, or damage the Participant may suffer as a result of Complaints, claims, demands, costs, Reparation Orders, or judgments against them arising out of the Procedure.

18.2. The Complainant agrees to hold the VeraSafe Representatives harmless from any liability, loss, or damage the Complainant may suffer arising out of the Procedure or the acts or omissions of the Participant that gave rise to the Complaint.

19. Relationship of the Parties, No Commercial Relationship With VeraSafe.

19.1. Relationship between the Parties. Nothing contained in the Procedure shall be construed to create the relationship of principal and agent, partnership or joint venture, or any other commercial relationship between VeraSafe and any other person, including any Party.

19.2. No Authority. The Parties have no authority to act as agent for, or on behalf of, VeraSafe, or to represent VeraSafe, or to bind VeraSafe in any manner.

20. Changes to the Procedure.

20.1. VeraSafe may update this Dispute Resolution Procedure from time to time by posting a new version on its website, and will include a “Last Updated” date or similar designation indicating the date of the change.

21. Contact VeraSafe.

21.1. VeraSafe may be contacted with questions about this Procedure (but not, for the avoidance of doubt, with Complaints) via email at [email protected].

  1. 1.
    Note: Complaints that request additional relief beyond the scope of Section 4.1 will not be deemed ineligible on that basis alone, as long as the core allegations concern a Participant’s non-compliance with the Applicable System Requirements.

Why VeraSafe?

Track record of successful GDPR implementations across industries.

Work directly with our in-house team of US and European attorneys, IT experts, and project managers.

Strategic, risk-based approach to compliance.

Fully customizable GDPR compliance program, tailored to fit your needs.

Holistic approach: We help you identify business opportunity hidden inside the GDPR.

Going beyond just EU privacy law, VeraSafe is your end-to-end partner for the entire privacy and cybersecurity domain.