Kroll has launched Data Protection Officer (DPO) Consultancy Services ahead of the introduction of the European Union General Data Protection Regulation (GDPR) on May 25, 2018. Kroll’s DPO Consultancy Services are an expansion of Kroll’s global Cyber Security and Investigations practice and are being provided in collaboration with preeminent data privacy law firms.
Kroll’s DPO Consultancy Services will support organizations in becoming and staying compliant with GDPR requirements, in particular Article 37, which makes the appointment of a DPO mandatory for a wide range of organizations, regardless of size, that process personal data on a large scale or collect and process special categories of data. The mandatory DPO appointment is potentially problematic because the requirements and responsibilities of the position exceed the skill set and qualifications of most information security, compliance, and privacy professionals available.
The DPO is tasked not only with managing education and training related to GDPR mandates for data processing, but also with conducting security audits and serving as the point of contact for supervisory authorities.
The GDPR will apply to EU companies, multinationals with employees or customers located in the EU, and companies outside the EU that offer goods or services to EU persons or monitor the behavior of individuals within the EU. Violations of the GDPR can be sanctioned with fines of up to 4% of annual global turnover or €20 million, whichever is higher.
Kroll’s DPO Consultancy Services will be of particular value to businesses within the EU that have no past experience in managing the introduction of new data protection regulations. Multinationals with an EU presence, or which do business with EU companies, will also benefit from having subject matter experts focused on their GDPR-specific challenges.
Andrew Beckett, Managing Director and EMEA Cyber Leader, Kroll, said: “The role of the Data Protection Officer carries a greater breadth of responsibility than just one individual can support in many cases, charged with overseeing a host of data privacy and security processes and controls intended to comply with the new GDPR requirements. Likewise, starting up and implementing a true DPO program will require time, knowledge, and resources that many organizations simply do not have. This is why Kroll has launched DPO Consultancy Services: to give our clients timely access to both technical and legal expertise so they have a team of highly experienced specialists working for them, not solely one individual.”
Kroll, working alongside preeminent data privacy law firms, will provide technical consulting based on its decades of experience assisting clients with information privacy and security challenges, as well as risk assessments and investigations performed on a global scale. Kroll already has extensive experience helping clients address complex data protection regulations, including the Health Insurance Portability and Accountability Act (HIPAA) in the U.S., Canada’s Anti-Spam Legislation, and Data Protection Principle 4 of Hong Kong’s Personal Data (Privacy) Ordinance.
The core set of advisory services Kroll is offering in partnership with law firm data privacy practices includes:
Promoting GDPR awareness, including providing customized training to everyone in the enterprise, from front-line employees to board members
Identifying the information assets and process flows used to create, store, transmit, and dispose of personal data, and ascertaining whether they are subject to GDPR requirements
Assisting in creating a GDPR roadmap and maturity model
Developing data maps that identify where personal data (personally identifiable information) is held and assigning risk according to the GDPR roadmap
Coordinating recommended assessment action plans to identify gaps against GDPR requirements, including developing and maintaining a GDPR compliance risk register
Working with each client to address its unique needs beyond the core set of services