Data Privacy Group is a “one stop shop” for your regional and global data protection needs. Irrespective of your international jurisdiction, our global team serves you globally with local, regional and international data protection services. Our solution is complete, end-to-end, builds bridges between IT, legal and business, and adheres to best practices. We empower your organization to avert costly data breaches and reduce risks of non-compliance that could result in fines from the regulator and loss of trust of your customers.
We have designed a scalable Data Protection service “packages” within the Asian market that will suit start-ups, corporations, groups as well as international conglomerates, irrespective of the sphere of industry. Alternatively, we can provide you with a tailor-made roadmap, outsourcing, or privacy by design solutions.
The following packages are designed for companies that want to conform to the Personal Information Protection Law (PIPL) of the People’s Republic of China as the most acknowledged and commonly used privacy standard in the region. These packages guarantee compliance to data privacy at the shortest possible time.
Startup package is our unique solution, applicable for a small and middle sized startups, which have to be GDPR compliant. All the basic steps to reach compliance shall be taken, including:
Developing the record of processing activities (RoPA) and determining legal grounds for processes.
Compiling a Privacy Notice and Internal Data Protection Policy.
Determining the roles in processing operations (controllers / joint controllers / processors / third parties).
Creating a cookie-banner and drafting a cookie-policy for the company’s website.
Basic level of compliance that includes:
Developing the processing records and determining legal grounds for processes.
Determining the roles in processing operations (personal information handler or entrusted party).
Staff awareness training.
Consultation where required.
Medium level of compliance, including Basic package plus reviews and recommendations for improving processes involving personal data, and processing agreements. In question, Gold package includes:
Description of the processes in which personal data are involved with a list of recommendations and risk pre-assessments.
Drafting data processing agreements with counterparts.
Conducting protection information impact assessments (PIIA).
Compiling a PIIA Report.
Staff training on rules of personal data processing and information security requirements.
High-level compliance, which includes Gold package services, plus product audit with detailed recommendations, customization of processes for handling data subject requests and data breaches, meeting transparency requirements. It also entails DPO outsourcing. The peculiarities of this option are:
A comprehensive audit of the product and description of its data processing activities.
Ensuring compliance with the individuals’ right to information by providing multiple forms of privacy notices and policies.
Implementing Cookie banner settings.
Conducting a vendor audit.
Assistance in implementing the processes of reporting data breaches and responding to individuals’ requests.