Do you need someone to help you with data protection compliance, including POPI and the GDPR? Are you busy with a data protection compliance project or implementation project? We can help you to:
- take practical effective action to protect personal information at the lowest cost, and
- get business value out of those efforts.
We do this by following the Michalsons Four-Step Compliance Process. Our process is insightful, entrepreneurial, and will reduce your overall costs. We have a “faster to market” practical approach. We have developed an approach to compliance projects that is both rigorous and pragmatic. It is simpler and quicker than most others. We help you to achieve the most, at the least cost. The benefits of using Michalsons include:
- Get expert practical legal advice, support, guidance, tools and templates
- Fast track your efforts
- Reduce your overall cost of compliance by using your resources as much as possible
Data protection compliance process
Below is a description of the outcomes you want to achieve for each step in the process and how you achieve those outcomes. We can give you a fixed price quote for any step in the process, work on a time and materials basis or we can agree a retainer.
Learn about the new regulatory requirements. This is the first step towards compliance. We help you to:
- Know what data protection compliance is and how to do it practically and effectively, what the law might require your organisation to do, and what the timeline is by attending a public awareness workshop or arranging a private in-house one or Executive Briefing. We can help you to appoint your Information Officer or Data Protection Officer properly, including a job specification and letter of appointment.
- Know what you need to comply with by determining the overlap between the different data protection laws and the overlap between data protection laws and other laws (like credit, consumer, freedom of information, and record retention laws). This will help you to find the overlap between your various compliance projects (like TCF or PCI) and work out if you can kill many birds with one stone.
- Assess the impact of data protection laws on your organisation by doing an Impact Assessment.
- Understand your risk profile by doing a risk assessment.
- Establish the business case, motivation or strategy for further action and get the governing body to approve a data protection compliance policy.
Planning is vitally important. You need to know who is going to do what and when, and what you are not going to do. We will help you plan. Planning includes the following:
- Identify the role players, like project sponsor and manager, and current information officer.
- Map your activities to establish the facts about your organisation that are relevant to data protection, identify the sections of law that are relevant to your activities, record how you are processing lawfully, determine the gaps where you are not processing lawfully, and identify implementation actions. Our Mapper and Activities Map template are key tools for doing this.
- Ensure there is a common interpretation of data protection law in your organisation by running private workshops where we delve into particular issues relevant to your particular organisation to extract the areas you need to pay attention to or by getting us to provide you with an opinion on various issues, especially around cross-border data flow issues, cloud computing, legitimate interests, and the application of laws.
- Identify and assign your implementation actions, including identifying some quick wins. Given limited resources and time, you need to follow a risk-based approach first to decide what you need to do and in what order. For each action item, you must determine how important it is, who is responsible for it, the resource that will actually do it, what it will cost, and what the deadline is. We have great tools to help you do this fast. Where possible, we will help you find the right external resource to help you implement. Our implementation actions template is a key tool for doing this.
- Identify your roadmap. Our Project Status Report template is a key tool for doing this.
Planning involves doing various things, like discovering (researching, asking questions), workshopping and documenting. Planning often involves private planning workshops for a group of people from all functions of your organisation (or for a specific function). Planning workshops are large to map activities and plan implementation actions. Some people refer to the planning step as a gap analysis.
Actually implementing the actions required to comply is the most important step. The identified resource must take practical, effective action to protect personal information. People within your organisation will have to do many of the action items. We can help you do some (not all) of the actions, and other external resources will also help you do some. Doing includes the following:
- Implement the quick wins.
- Do the other implementation action items in accordance with your roadmap.
If you are interested, we can tell you which action items we can assist with. We can also support you during the implementation phase, especially with the implementation of action items by other external resources. We can:
- attend project meetings to provide practical guidance and insight,
- answer questions that come out of meetings,
- provide updates on significant developments.
Sustain your compliance status by checking that the relevant resource has correctly implemented the action items. This includes the following:
- Check they have been done correctly by asking Michalsons to review (or audit) that the relevant resource has correctly implemented the Compliance Actions that you identified in the Planning step.
- Set up structures and processes to ensure ongoing sustainable compliance.
How we can help you
Why we will deliver
- We have a team of practical privacy and data protection lawyers.
- We have deep knowledge and expertise helping organisations comply with data protection laws. We are independent professional legal advisors with expertise on how to implement the changes required to comply with data protection laws. Our advice is privileged and the regulator cannot seize it.
- We have worked through our process with many clients by increasing their awareness of data protection laws across the organisation from the executives to the data capturers, planning their projects, and implementing their plans towards compliance.
- We are currently working with many organisations, from dual listed multinationals to start-ups in various industries, including financial services, marketing, FMCG, oil, healthcare, retail, and mining.
- We have successfully done many large projects on data protection, governance, risk and compliance (GRC), information security, and records management. We have also done many IT Legal Compliance Audits on many organisations.
- We wrote a chapter for a Global Privacy Book.
- We have participated in many legislative processes to enact information laws.
Our role is similar to that of an architect when you build a house. We:
- make you aware of the practical implications,
- help you plan what needs to be done,
- do some of the work ourselves and check that others are doing their work, and
- review that everything has been done correctly.
Our experience with data protection compliance
- We are currently helping many organisations with data protection compliance by following our compliance process.
- We have advised a large variety of businesses, both domestic and international.
- We have presented to well over 4,000 people on about 100 different occasions.
If you are interested, please complete the form on the right or enquire now. We will contact you to find out more about your requirements and give you a quote.