There’s a profession called “worrying”. How we ran a DPIA for a gambling company GDPR compliance is not only about records and policies — it’s also about anticipating the future, including its most unpleasant scenarios. In this case study, we show how we moved beyond “paper compliance” and helped a...
How we legalized marketing calls from the client’s call center for 10 new countries
Launching marketing calls simultaneously in 10 new jurisdictions presents international business with an extremely complex challenge: how to comply with each country's unique and sometimes contradictory requirements without creating operational chaos. In this case study, we demonstrate how our consultants managed to transform fragmented personal data laws into a unified...
How our Team Posed as Users and Uncovered Errors in Handling Data Subject Requests
From time to time, clients/users/customers contact a company with requests related to personal data. They may ask to delete their data or get detailed information about how their data is being used. A company can describe all procedures for responding to such requests and prepare appropriate policies, but still make...
Child Data Protection: Animation Studio Case
Key Issues and Solutions 1. Register of Personal Data Processing The company already had a well-established information security system. They shared data flow diagrams and a list of recipients, which significantly accelerated the process of filling out the register.We supplemented the scheme and register with processing activities found during the...
