Home / Services / Privacy

Privacy

Background
All companies, associations and organizations that process personal data must comply with the data protection regulation, GDPR, in a manner adapted by the business. GDPR places great demands on each organization regarding documentation and routines and can at the same time create internal uncertainty regarding what is allowed to do with the internal data that consist of personal data. The broad scope of the application of GDPR and the ambition from authorities to regulate all processing of personal data can lead to uncertainty among organizations regarding what applies and how to act. Since a few years has passed since GDPR came into force. It may also be time to review the implementation to see that all went as planned and all parts of the regulation was considered. Through the increasing digitalization the use of personal data in many cases might have changed thus other aspects to include in data protection must be reflected.

How we can help
We help our clients build trust in the market by protecting privacy. With a large network of experienced privacy specialist from a wide range of markets we focus on each customers needs, making privacy a natural part of our customers core business.  

• • Get control over your personal data
  • Improve data management effectiveness
  • Enable regulatory compliance
  • Protect personal data to enable your business strategic objectives

Services provided

• Data Protection Officer – interim, outsourced or as a service depending on your needs and the size of your organization.
• Inventory and mapping of data flows
• Maturity Assessment regarding data protection – we analyze your current compliance with the GDPR, deliver a documentation of the current status with recommendations of measures to increase your degree of maturity against set goals.
• Support in implementation of identified measures to comply with GDPR.
• Support in Data Privacy Impact Assessments (DPIAs) and legal assessment of processing to make sure sufficient measures are taken in in protecting personal data.
• Training regarding data protection regulation – customized training through e-learning, on-site or digital by using Teams or similar solution
• Analyze of third-party risks to assess the risks connected to personal data.
• Schrems II – analyze and assessment of transfers of personal data to organizations within or connected to countries outside of EU and EES. 
• Incident management – support in managing incidents, establishing and support in testing internal incident reporting routines
• Development of policies, instructions or guidelines – with support from Transcendent Digital to make the process more effective when it comes to the internal regulatory framework.

Track record
International industrial group – Interim assignment – Privacy Support
While the Group’s Chief Compliance Officer/ Data Protection Coordinator was on parental leave, a Transcendent Group consultant supported the organization by continuously assisting internal customers with advice and deliveries linked to the company’s data protection program. In close cooperation with the Information Security and Legal departments and direct communication with the business organization in various countries, the assignment included support in connection with data protection agreements, register of processing activities, risk analysis and transfer impact assessments of new systems and processes including organizational and technical protection measures. Our consultant helped bridging the absence of the internal DPO by monitoring and documenting compliance with the internal processes and GDPR requirements as well as improving processes and steering documents, adapting the established framework to ensure continued compliance with changing requirements and best practice.

Maturity Assessment
An organization that had struggled to implement GDPR in their line of business reached out to Transcendent Group for help establishing a data protection program compliant with external regulations. After performing a maturity assessment presented to the Board of Directors, they could easily decide the desired level of maturity. With a clear activity plan, in line with the decided goal of maturity to reach, the organization was given an approval from internal audit that they were compliance with GDPR. Transcendent Group could then help the organization with an outsourced DPO to secure the ongoing work with data protection.

Incident management
This popular e-commerce and lifestyle company has become a top-player in the e-commerce world of Europe. In the late 2020 this company was subjected to a malicious cyber-attack resulting in a large-scale incident involving its customer data. The Company turned to Transcendent Group to help them manage the entire incident together with internal resources. Our experienced privacy red team, which include expert privacy lawyers, IT-forensics and information security consultants took the lead to investigate, communicate and to provide a mitigation plan to prevent future similar attacks. The client returned and once again reached out to Transcendent Group for help to reduce the impact of a critical personal data breach and help with firm guidance on handling the incident. Transcendent Group assisted the client with notification to the supervising authority, communication with data subjects and media and IT-forensics and post-incident information security measures. Transcendent Group managed the incident with the result that the supervising authority decided not to open any further investigations into the matter despite it being a large scale of incident involving multiple jurisdictions in Europe. At every turn Transcendent group and its expert knew what to do and, provided much needed direct guidance to top management at the client, which helped them navigate and lessen the overall impact of the incident.