The protection of personal data has become a growing concern for companies. Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”), which came into force on 25 May 2018, is now providing greater clarity on the rights of data subjects, data controllers and data processors as well as cross-border implementation.

This is where our regulatory consulting expertise driven by Arendt Regulatory & Consulting S.A. (ARC) believes that our personal data protection experts can provide added value for your business. We can assist you with the following:

• Staff training: do you have the knowledge required to raise awareness within your business? We provide GDPR awareness training to your staff involved in processing operations as well as to personnel with permanent or regular access to personal data.
  
  
• Electronic register: we conduct an inventory of your organisation’s service providers and personal data processing on the basis of the information gathered during working sessions, potentially with the support of dedicated software to organise your action plan.
  
  
• Compliance “Score Card”: we provide you with:
  • a scoping exercise to assess your compliance status and to identify potential issues;
  • depending on your status, an analysis in the light of the GDPR requirements of the identified data processes and data processors selected, which will highlight potential gaps.
    
    
• Risk mitigation measures: we provide you with a list of recommendations and actions to be taken to achieve compliance with the new GDPR project together with the management of relevant stakeholders involved in the technical remediation.
  
  
• Documentation review: in collaboration with our lawyers at Arendt & Medernach, we assist you with the drafting of personal data procedures, personal data impact assessments (“DPIA”), updates to service agreements and data processing agreements.
  
  
• Mandate of Data Protection officer (“DPO”): do you wish to appoint a DPO to coordinate the proper implementation of the GDPR, but you would prefer not to recruit? We can take on such DPO mandate, and provide you with the benefit of our full independence, technical knowledge and a close relationship with the Luxembourg control authorities.

If you are a management company, investment fund, bank or insurance company, our Regulatory Consulting expertise can help you to assess your current level of compliance with the data protection regulation and support you in filling the identified gaps with GDPR provisions.

For more information, contact us at DataProtectionARC@arendt.com.