Your compliance project should have a law firm as the main service provider
Only law firms should be lead service providers when ensuring you comply with the law (like data protection law). Consultants, auditors, audit firms, and even information security or IT governance consultants cannot provide the legal protection and privilege offered by [...]