Privacy, accountability and AI
Organizing effective data protection, privacy and responsible application of artificial intelligence (AI) are and will remain a complex issues, with new risks emerging every day. Are you looking for pragmatic advice and its implementation?
We advise organizations on how to deal with ever-changing (legal) obligations and compliance issues.
An overview of our services
We advise on applying legislation, formulating policy and strategy, conducting investigations and constructive reporting, implementing management, security and compliance measures, training employees and staff, drafting and negotiating agreements.
Data Protection Impact Assessment
Management applies DPIAs because it is required by law, and sometimes because the research tool is practical to test the effectiveness of security and control measures taken or to be taken.
Well-planned and executed DPIAs provide management with valuable information about business processes to be improved and processing of (personal) data and trade secrets.
Data Transfer Impact Assessment
Since the Schrems II ruling, the transfer of personal data has been subject to new conditions. Using a Data Transfer Impact Assessment (DTIA), an organization conducts prior research into the privacy risks involved in a transfer of personal data to a country outside the European Economic Area (EEA).
Organizing your accountability
We use an integrated and effective methodology to make business organizations compliant with legal and contractual obligations. The methodology makes use of compliance sources and specifications, standards frameworks and codes of conduct if required. The compliance organization can be supported with IT resources. This makes it easy for regulators, auditors and company management to use the findings of compliance work.
Privacy Baseline / Quickscan
The baseline measurement is an exploratory study aimed at gaining insight into compliance with data protection laws and regulations. The object of examination may be the organization, projects and supporting IT systems and provides insight into the extent to which risks are adequately covered by management and security measures.
Organising reputation management
Reputation management is a precondition for effective business. Partners want access to each other’s reliable data. Partners give access to their company and personal data if the confidentiality of the data is protected. Well-organized reputation management not only reduces liability and cost risks, but also fulfills a prerequisite for the effective organization of business activities.
Privacy implementation and maintenance
Management has since taken the necessary measures to effectively protect personal data. Additional legislation, changing business activities, new releases of IT systems and the departure of the DPO require periodic maintenance. Additional legislation, changing business activities, new releases of IT systems and the departure of the DPO require periodic maintenance.
Taking effective control measures
The regulators expect companies to ensure that the legal requirements are not applied but are built in, “by design,” into the business processes by which business activities are organized and personal data are effectively shielded “by default.” What are the requirements for control measures, and are the control measures taken or to be taken adequate and value-based?
In addition to advice and research, we put the right tools in the form of software and platforms. This promotes the quality of our advice or research.
SBC Management System, your privacy accounting
Standard Business Compliance (SBC) management system supports effective organization of privacy and information security. You meet your administrative obligations of 1) keeping a register of personal data processing operations; 2) keeping a record of incidents and data breaches; 3) following up on requests from data subjects; 4) processor agreements and 5) investigations conducted.
Company-specific learning environment and knowledge management
We maintain a collection of awareness and training programs on behalf of Duthler Academy and companies using a company-specific learning environment. Companies use general programs and programs they use to organize specific business activities.
Are you short of capacity or knowledge? No worries. We are happy to provide you with the right professional.
Hire a DPO
When you hire an DPO through us, you have a qualified DPO without a large investment. Our DPOs are listed on Duthler Academy’s DPO Registry.
Hire a PO
Our professionals can also fill the role of privacy officer. Like the DPO, they are enrolled in Duthler Academy’s FG Registry.
One of the most important components for an organization is knowledge and awareness. With our academy, we help organizations maintain knowledge management.
Training DPO
New legislation, innovative IT measures and more effective oversight make the DPOs role more comprehensive. The position of the DPO in an organization is and remains solitary. The DPO training is designed for professionals who want to see the many sides of the work as an DPO highlighted and desire continuing education after successful completion of the course.
Three-day personal data protection training course
This three-day training is aimed at key officials and departmental management who will have to deal with establishing and maintaining effective privacy protection measures. Experienced professionals cover a variety of topics that participants can put on the agenda. We are happy to provide the training “in-house.”
Awareness in the workplace
Ultimately, it is about the organization of employees driving the processes so that the management, security and compliance measures effectively protect personal data. Workplace awareness forms a program that is company-specific and supported by the company-specific learning environment. The program is part of knowledge management and initiates behavioral change.
Frequently Asked Questions
Is protecting personal data a core business?
Yes, protecting personal data is a core business for us. We wish to serve our clients appropriately by protecting trade secrets and personal data. The reason is:
- A better value proposition and business case for the company;
- More clarity for the employees of the organization;
- Management and security measures are necessary to protect both trade secrets and personal data; and
Accountability for compliance with legal and contractual data protection obligations is accordingly.
Is it possible to create the strategic agenda data of the company or a business unit, in collaboration with professionals from Duthler Associates?
Yes, we have a lot of experience in drawing up a strategic agenda for trade secrets and personal data.
The agenda reflects the existing maturity level and develops towards a feasible level of ambition. Gaining an overview and insight into the effective organization of business activities is the starting point for the agenda. A strategic agenda for trade secrets and personal data is meaningful if there is support among management and employees for the implementation of a plan of action. When elaborating the strategic agenda, knowledge and change management are necessary to create support, to make use of the implicit knowledge of employees and to estimate the change capacity of management and employees.
What is the relationship between a strategic data agenda and a privacy statement?
Companies publish a privacy statement on their website and it is based on the strategic data protection agenda of the company management. The trade secret statement is an internal document that serves to demonstrate the effectiveness of the trade secret security measures in the event of a breach.
Could we see the strategic agenda data as a framework for the “digital transformation” that many companies are going through?
That’s how you could see it. The explicit naming of trade secrets and personal data based on the strategic agenda data approach shows what the “crown jewels” of the company are. It makes it clear that management expects adapted/increased protection for this data. The relationship between trade secrets and personal data offers the company the opportunity to combine management and security measures. That is more effective and cost efficient.
Does privacy law provide a basis for other laws and regulations?
More and more legislation uses the rules and elaboration of privacy laws. The AI Act is a prime example. Duthler Associates takes an integrated approach to its service delivery, awareness and training programs and tooling development.
Latest new
Uber fine decision “privacy rights of those involved, you better take them seriously”
With the recent fine decision of the Dutch Data Protection Authority (AP) of December 11, 2023, the …
Privacy and information security undeniably belong together.
By: Ans Duthler and André Biesheuvel Introduction Privacy and information security undeniably belong…
You need LEF to properly organize business activities
Introduction For company management and management, knowing the Legal Entity Framework (LEF) of thei…
Most important findings on privacy baseline measurements
We have been supporting organizations in various sectors with data protection and privacy issues for…
Privacy professionals very enthusiastic about new release SBC Management system
Properly organizing your privacy administration SBRPowerhouse has released a new release of the SBC …
Where is the accountant?
EDPS Conference The EDPS Conference 2022 recently took place. This year’s topic was ‘Eff…
Do you have any questions or would you like to make an appointment?
Do you have questions about organizing, implementing or building privacy protection, accountability and/or AI? Don’t hesitate to contact us!