We assist you in assessing the status quo and the processes used in your organization, both locally and globally, to determine the level of maturity and associated need for action in your organization. Such assessments include evaluating internal policies and procedures, practices, and data flows, identifying key gaps and risks, and recommending remediation actions.

Based on an initial assessment, we support you in defining a data protection strategy tailored to your company and business activities and in developing an appropriate data protection program.

We support you in setting up an effective governance structure and privacy organization and in defining roles and responsibilities.

We assist you in developing a framework consisting of standards, policies, procedures, and processes covering all aspects around data protection to implement the privacy program at the global, regional, and local levels in compliance with applicable laws and regulations.

We support you in the development and implementation of appropriate procedures and processes for the efficient handling of requests for information from data subjects and requests in connection with other data protection rights.

We support you in defining appropriate technical and organizational measures (TOMs) to protect personal data managed in your organizations and through third parties, using a risk-based approach.

We assist you in developing procedures and processes for handling cyber-attacks and data breaches, including notification management and remediation, and perform appropriate exercises for testing.

We develop concepts for the storage and deletion of personal data with corresponding retention periods and, if required, conduct appropriate training.

We support you in all data protection aspects to be observed when exchanging personal data with third parties or outsourcing the processing of personal data to service providers. We develop appropriate guidance for defining the roles of the parties and assigning the corresponding responsibilities. This is particularly important for contracts involving multiple parties or where different interpretations by regulators may lead to different outcomes, such as clinical trials involving investigators from across Europe. We develop contract templates and questionnaires as well as assessment tools for audits of service providers and support you in data protection and information security audits and contract negotiations.

We create procedures, processes and templates/tools for documenting processing activities and conducting compliance checks, including data protection impact assessments, and provide related training.

We support you in evaluating projects, systems, applications, products, and processes from the initial design stage through development to market launch and advise on appropriate privacy enhancing technologies to ensure compliance with applicable privacy and security requirements. We develop appropriate privacy by design guidelines tailored to your company.

We advise you on suitable models and the requirements for the worldwide exchange of personal data within your organization and with third parties and support you in the implementation of the defined solutions. This also includes conducting initial transfer impact assessments for transfers to third countries that do not ensure an equivalent level of data protection and defining appropriate safeguards, including transfer agreements. The group-wide data transfer strategy includes guarantees such as intra-company agreements (so-called Intragroup Data Transfer and Processing Agreements) and Binding Corporate Rules (BCR).

We support you in the development of Binding Corporate Rules (BCR) for your company, in the approval process in the EU, UK and Switzerland, and in the effective implementation of BCR in your organization.

We develop and deliver sustainable and interactive general and specific privacy training and awareness campaigns targeted at associates in general and specific higher risk roles.

We support you in developing and implementing effective data protection control instruments, compliance and risk assessment tools, and audit concepts to ensure sustainable compliance with all legal requirements, demonstrate accountability, and minimize business risks. We also perform appropriate controls and audits in your organization.