Protecting personal data

The management organizes the business activities with business processes. The processes are managed by departmental teams in which employees are assigned roles and fulfill tasks. A role has powers and responsibilities. On request, an employee with a role performs a task. When the task is finished, the employee lets you know and sends another employee with a role to perform the next task. In the process, the requests and the completion of tasks are recorded in data. There is a data-driven business.

Data protection and privacy is and remains a complex issue, with new risks occurring every day. Are you looking for pragmatic privacy advice and its implementation? We advise organizations on how to deal with ever-changing obligations in the areas of data protection, privacy and information security.

Interested? Contact us!

An overview of our services

Our services focus on protecting data-driven business operations. This is obvious for protecting personal data, but there are many more arguments for protecting data.

Data Protection Impact Assessment

Management applies DPIAs because it is legally required, and sometimes because the research instrument is practical to test the effectiveness of security and management measures taken or to be taken.

Well-planned and executed DPIAs provide management with valuable information about business processes that need to be improved and the processing of (personal) data and trade secrets.

Data Transfer Impact Assessment

Since the Schrems II ruling, the transfer of personal data has been subject to new conditions. On the basis of a Data Transfer Impact Assessment (DTIA), an organization conducts a preliminary investigation into the privacy risks involved in a transfer of personal data to a country outside the European Economic Area (EEA).

Privacy Nulmeting / Quickscan

The baseline measurement is an exploratory study aimed at gaining insight into compliance with data protection laws and regulations. The investigation provides the person responsible, the board of directors and the supervisory board, with insight into the extent to which the risks are covered by measures and the effective operation of these measures.

Organizing reputation management

Reputation management is a precondition for effective business. Partners want access to each other’s reliable data. Partners give access to their company and personal data if the confidentiality of the data is protected. Well-organized reputation management not only reduces liability and cost risks, but also fulfills a prerequisite for the effective organization of business activities.

Privacy implementation and maintenance

The GDPR requirements and AP supervision have led companies to protect personal data. In the meantime, a DPO has often been appointed, awareness campaigns have been held and processing agreements have been concluded, and data leaks are being tracked. This is not enough if we read the guidelines of the regulators. In addition, new and adjacent legislation has emerged and powerful tools are coming onto the market with which the protection of personal data can be effectively organized. How do we bridge the expectation gap?

Taking effective control measures

The European supervisors expect in their guidelines from companies that the legal requirements “will not be applied” but “will be built into” the business processes with which business activities are organized. What are the requirements for control measures and are the control measures taken or to be taken adequate and stable in value? Are the security and control measures included in the (to be purchased) IT systems?

Training program to protect personal data

This is a subject that remains on the agenda of the management. The importance is clear to everyone, but how do you organize that? We have made an attempt to organize business activities and set up control measures. It is necessary for us to provide value-retaining services.

Frequently Asked Questions

Do we completely abandon the protection of personal data?

No, protecting personal data is and will remain a core activity for us. We wish to serve our clients appropriately by protecting trade secrets and personal data. The reason is:

A better value proposition and business case for the company;
More clarity for the employees of the organization;
Management and security measures are necessary to protect both trade secrets and personal data; and

Accountability for compliance with legal and contractual data protection obligations is accordingly.

Is it possible to draw up the strategic agenda data of the company or a business unit, in collaboration with professionals from Duthler Associates?

Yes, we have a lot of experience in drawing up a strategic agenda for trade secrets and personal data.

The agenda reflects the existing maturity level and develops towards a feasible level of ambition. Gaining an overview and insight into the effective organization of business activities is the starting point for the agenda. A strategic agenda for trade secrets and personal data is meaningful if there is support among management and employees for the implementation of a plan of action. When elaborating the strategic agenda, knowledge and change management are necessary to create support, to make use of the implicit knowledge of employees and to estimate the change capacity of management and employees.

What is the connection between a strategic data agenda and a privacy statement?

Companies publish a privacy statement on their website and it is based on the strategic data protection agenda of the company management. The trade secret statement is an internal document that serves to demonstrate the effectiveness of the trade secret security measures in the event of a breach.

Could we see the strategic data agenda as a framework for the “digital transformation” that many companies are going through?

That’s how you could see it. The explicit naming of trade secrets and personal data based on the strategic agenda data approach shows what the “crown jewels” of the company are. It makes it clear that management expects adapted/increased protection for this data. The relationship between trade secrets and personal data offers the company the opportunity to combine management and security measures. That is more effective and cost efficient.