General Data Protection Regulation


Privacy Management

Data Protection Impact Assessment Framework

The LoQutus PIA as a Service offers privacy and data protection risk assessments for products and services. The PIAs are carried out in a software-assisted process, resulting in customizable impact assessment reports. PIA as a Service can be provided as a software solution as well as with assistance and workshops conducted by our privacy specialists.

  • Key features
    • Privacy Impact Assessments have proven to be an important and useful tool for understanding and assessing the risks related to personal data processing operations. The LoQutus PIA as a Service offers:
      • Software-supported and highly efficient PIA processes
      • Automated and customizable reports, which give a clear overview of processes, risks and progress
      • Real-time track record of actions taken to mitigate risks
      • Tested baseline criteria to benchmark all operations from a consumer or employee perspective
      • Demonstrates accountability within the framework
      • Suitable for all sizes of organisations and businesses
  • Benefits
    • Privacy Impact Assessments (PIAs) help your organization assess current and planned operations’ impact on privacy. Measure compliance, identify and reduce risks, demonstrate accountability – PIA helps you understand the status of data protection activities as they exist across an organization and define a prioritized list of next steps.

Records of processing activities

The General Data Protection Regulation introduced new obligations. The complete information landscape concerning personal and sensitive data needs to be mapped into a data register (Art. 30 of the GDPR). This is needed to trace all usage of personal data within the organisation, to know where personal and sensitive information resides in case of breaches, to meet the data lineage needs of the Data Privacy Impact Analysis (Art. 35 of the GDPR), and to meet reporting needs towards the Data Protection Authority. Methodology and governance framework guidance with regard to data lineage integration.

Possible tool proposal for automated data lineage within the organisation, with graphical reporting interface, metadata management, security and process integration.

Privacy by Design & Default

Data protection will become an integral part of both the technological development and the organisational structure of a new product or service. While the legislation is not incredibly detailed with regard to which specific steps companies should take on a technical level, it is clear that both principles will need to play a role in current and future developments within your organisation.

Privacy by Design means that each new service or business process that makes use of personal data must take the protection of such data into consideration. An organisation needs to be able to show that it has adequate security in place and that compliance is monitored. In practice this means that an IT department must take privacy into account during the whole life cycle of the system or process development.

Privacy by Default simply means that the strictest privacy settings automatically apply once a customer acquires a new product or service. In other words, no manual change to the privacy settings should be required on the part of the user. There is also a temporal element to this principle, as personal information must by default only be kept for the amount of time necessary to provide the product or service.

LoQutus can help implement the necessary governance and implementation principles to set up a Privacy by Design & Default framework.

Privacy Readiness Assessment

  • Survey & Interviews
  • SWOT Analysis
  • Maturity Scoring
  • GAP Analysis
  • Recommendations
  • Benefit Map
  • Roadmap, Next Steps
  • Quick Wins

DPO as a Service

  • Official Role of DPO
  • Independent
  • Privacy Expert
  • Privacy Office Setup
  • Training
  • PIA Project Support
  • Data Subject Communication
  • DPA Liaison

Privacy Governance

  • Governance Operating Framework
  • Privacy by Design & Default
  • Communication Operating Framework
  • Privacy Training