Data Protection, Privacy and Security, GDPR Compliance

AURUM has built a strong team of data protection experts that includes EU-certified professionals (CIPP/E) who have worked at top-tier European law firms and have advised some of the biggest EU corporations on GDPR compliance issues.

Combining extensive experience with high-level expertise, our team is capable of providing legal advice and assistance on all matters pertaining to privacy, data protection and GDPR compliance. 

Is the GDPR applicable to your business?

GDPR applies to any data processing activities conducted by companies located in the European Union, regardless of the place of processing.

GDPR further applies to the processing of personal data of EU residents by companies established or individuals located outside the European Union where such processing relates to:

  • the offering of goods or services to data subjects within the EU; or
  • the monitoring of the data subjects’ behaviour, if such behaviour takes place within the EU.

Does your business comply with the requirements of the data protection legislation and GDPR?

To determine how far your business complies with the requirements of the data protection laws and GDPR, we developed an assessment system that includes more than 50 questions, which we will work through with the client’s team.

Based on the results and outcomes of the assessment, we will develop an adequate compliance strategy for the client’s business, regardless of its size and type of activity. Furthermore, we will work on the implementation of GDPR requirements into the client’s business processes and internal procedures.  

What can our data protection experts help with?

  • Initial data flow and data protection audit.
  • Determine the client’s role and responsibilities under the data protection legislation and GDPR.
  • Conduct a data protection impact assessment (DPIA) in order to identify, analyse, and mitigate risks related to certain data processing activities.
  • Advice on the ‘privacy by design’ and ‘privacy by default’ requirements, including the adoption of necessary tools and instruments.
  • Advice on cross-border operations with personal data.
  • Drafting and reviewing legal documentation required under the applicable laws, including privacy notices, privacy policies, data processing agreements, etc.
  • Preparation of internal and intra-group guidelines, instructions and procedures.
  • Data security breach management, including evaluation of risks, determination of procedures applicable to the breach and preparation of notifications to authorities.
  • Assistance in communications with data subjects and national regulators.

Ongoing legal support

We can provide you with day-to-day support in terms of data protection compliance, including managing privacy mailboxes, drafting responses to data subjects’ requests, revision of contracts and updating policies.