General Data Protection Regulation


Privacy Governance

Governance Operating Framework

The entire GDPR is built on the principle of accountability, and clearly defines and expands the roles and responsibilities of controllers and processors. Controllers, as well as the potential processors, will have direct obligations to implement organizational and technical measures such as privacy policies, appropriate security measures, maintenance of records of personal data processing, and performance of privacy impact assessments. They will also be requested to notify data protection authorities of personal data breaches and, in specific cases, to appoint a DPO and set up a Data Protection Office. To achieve full compliance with the GDPR, a new or at least modified governance operating model should be put in place, clearly defining responsibilities, roles and processes.

Communication Operating Framework

In line with the accountability principle laid down by the GDPR, data controllers and data processors should develop or update their internal breach notification procedures, including incident identification systems and incident response plans. This means most firms will have to change their approach to data breaches and ensure they have processes to comply with the rules. LoQutus can assist in setting up this required incident and breach notification framework as well as the complementary Communication Plan.

Privacy Consent Framework

Consent from the data subject was always a ground for legal processing and it remains so under the GDPR. However, the GDPR imposes more stringent requirements on consent, meaning that organisations will need to revisit the ways in which they obtain consent from data subjects for the processing of their personal data. There is also a higher threshold for the consent of children. Consent must be freely given, specific and informed, distinguishable and in clear and plain language, given by an affirmative action, verifiable, and as easy to withdraw as to give. Taking all of these possibilities into consideration, your organisation must put a privacy consent framework in place to keep track of all the consent transactions, not only implementing new processes to manage requests, but also keeping a clear and up-to-date database or log of when and how consent was obtained from each individual.

Privacy Training

Privacy Training and privacy awareness are an essential component of privacy and data protection implementation. A basic understanding of privacy and data protection regulation can be essential for the success of a product or service. LoQutus offers training on all knowledge levels.

  • Key features
    • Privacy Training is an important element in GDPR compliance. Ensuring key personnel are up-to-date regarding data protection and privacy not only promotes awareness and appropriate privacy practices, but is a good way to demonstrate actions taken to comply with applicable regulation.
  • Privacy training
    • Is designed to meet guidelines and recommendations given by Data Protection Authorities
    • Includes current privacy legislation and regulatory developments
    • Is suitable for all knowledge and skill levels
  • Benefits
    • Promotes your organisation’s privacy culture
    • Raises privacy awareness
    • Adequate training helps an organisation to avoid privacy and data protection risks on all levels
    • Training courses can be adjusted to specific needs

Privacy Readiness Assessment

  • Survey & Interviews
  • SWOT Analysis
  • Maturity Scoring
  • GAP Analysis
  • Recommendations
  • Benefit Map
  • Roadmap, Next Steps
  • Quick Wins

DPO as a Service

  • Official Role of DPO
  • Independent
  • Privacy Expert
  • Privacy Office Setup
  • Training
  • PIA Project Support
  • Data Subject Communication
  • DPA Liaison

Privacy Management

  • PIA Assessment Framework
  • Data Register Lineage
  • Consent Management Framework
  • Privacy by Design & Default
  • Protection Integration