We can help you prepare your organisation for GDPR compliance. We have a team of experienced practitioners who understand what it takes to comply with legal requirements in a way that is optimised for your business priorities. Click on the headings below to read more about how we can help in different areas. If you would like more information on what you should do to ensure that you are prepared, please feel free to contact us - we are here to help.

Gap-analysis
We offer a review of your current situation to ensure compliance with legal requirements while ensuring that your organization does not have an overly burdensome responsibility or administration that adversely affects your business.

The gap analysis highlights the gaps between your business and the GDPR's requirements and proposes action proposals with estimated priorities and complexity for implementation. The goal is that the business can continue to work on the results of the gap analysis in various implementation projects where Sharp Cookie Advisors can support the action phase in these projects. An investigation of the business impact of regulatory compliance with the new data protection legislation is also a good basis for management's priorities for continued work in business development and digitalisation.


GDPR project
We support your organization to quality assure your data protection work. We offer support in everything from business analysis to support in individual legal matters.

Privacy Program - Long term compliance
An organization's work with integrity and IT security does not stop at a GDPR project. An organization's work with compliance is long-term and is a natural part of a modern company's governance and business strategy.

Every organization needs to be able to demonstrate at any time that it complies with the requirements of data protection legislation. This is done practically by the organization having a documented work on data protection issues, a so-called "Privacy Program" which exposes the organization's basic working methods and responsibility for data protection issues.

"Every organization should be able to know what data it uses, what obligations apply to that data and how the organization handles data in an efficient and secure manner, with the least possible disruption in business operations."

We provide organizations with support in the long-term work to secure the company's data assets by supporting the management in developing a customized privacy program in accordance with best practice and GDPR.

Data breach response

A news with the GDPR is that organizations will be required to report security incidents involving personal data to the regulator, and in some cases even those registered, within 72 hours of the incident being discovered.

We support you in reviewing your processes for handling, documenting and reporting personal data incidents.


Subject access request, deletion, data portability

Individual rights are strengthened under the GDPR and those registered have an enhanced right to exercise control over their personal data.

Each organization now has a 30-day deadline to compile and provide a copy of a registrant's request for extracts on its personal data. This places new demands on technical systems, work processes, and legal assessment of the registrants' request for extradition.

The data subject has the right to request that in some cases his personal data be deleted from the organization's activities, which includes back-up and data shared to subcontractors.

In order to avoid lock-in effects, a new right has been added - data portability - which allows registered as users and employees to bring their own personal data with another organization.

These individual rights are not absolute rights for the data subjects, but your organization has rights with them. We can support your organization by setting up the appropriate way of working to effectively manage these new ways of working.