The General Data Protection Regulation (GDPR) came into effect on 25 May 2018, with many organisations still trailing behind the compliance curve.

This sweeping Regulation requires organisations to meet stringent data protection requirements for the personal data of individuals in the EU and, for the first time, it also reaches companies and organisations based outside the European Economic Area (EEA) that offer goods or services to, or monitor the behaviour of, people in the EU. With severe penalties in play - administrative fines of up to €20m or 4% of worldwide annual turnover, whichever is higher - organisations must implement actionable and efficient strategies to achieve compliance.

Our GDPR Compliance Services  

Designing and establishing compliance policies and workflows with the GDPR in mind calls for a broad range of expertise: practical experience in applying data protection and information security controls, managing an operational environment, implementing information governance practices, and driving change management in complex regulatory circumstances. The RSM team has a strong track record of collaborating across legal, IT, compliance and lines of business to ensure input from, and transparency with, key stakeholders on policy development and implementation, and has completed several GDPR preparedness engagements.

RSM in Malta offers practical and effective solutions for all your privacy and data protection compliance challenges, whatever the size of your organisation. Our team combines legal, IT, cyber security, risk, project management and compliance skillsets, and currently offers the following services:

  • GDPR Gap Assessment - Review and assess the organisation against the Regulation's requirements and their applicability, identify gaps and areas of risk across its people, processes and technology, and develop a pragmatic roadmap and action plan.
  • GDPR Audit - Conduct an independent review and audit of your existing GDPR programme and related practices to identify areas for improvement and to verify ongoing compliance.
  • GDPR Implementation - Organisations may further engage RSM to assist in implementing the required processes and actions. Our implementation support ranges from assisting your Data Protection Officer (DPO) with their compliance duties, to drafting policies, procedures and privacy notices, to managing relationships with third party service providers (processors), to name a few.
  • Data Breach Preparedness and Remediation - Develop and implement incident response preparedness, response and notification plans to help your organisation meet the Article 33 requirement to notify the Supervisory Authority without undue delay and, where feasible, within 72 hours of becoming aware of a personal data breach. We can also support your organisation in liaising with the Supervisory Authority and in dealing with the aftermath of a data breach, both in terms of the GDPR and of cyber security.
  • Data Protection Officer Support - Hands-on, ongoing advice and assistance to your DPO or Privacy Officer on matters relating to the GDPR. We take on a supporting role and carry out activities to assist your organisation in the most efficient and effective way possible.
  • Outsourced Data Protection Officer - Article 37(6) of the GDPR allows the DPO to fulfil the role under a service contract, and RSM provides the services of an outsourced DPO on that basis. As your organisation's DPO, the team will carry out the tasks set out in Article 39, working to ensure that your processes and data handling activities comply with the Regulation. We aim to foster a data protection culture within the organisation and to help implement the essential elements of the GDPR. As part of the service, we will also identify data protection risks and manage them accordingly.
  • Training & Awareness - Develop a GDPR awareness campaign and multi-channel, stakeholder-specific training materials for employees, HR, IT, Customer Support, Marketing and other key stakeholder areas. We also offer one-to-one DPO training sessions, which enable a DPO to undertake their role as an independent, qualified and competent DPO. The training sessions draw on our extensive knowledge of the GDPR, the Data Protection Act (Cap. 586 of the Laws of Malta) and other relevant data protection legislation.