1. Evaluate the legal requirements compared to the company's operating procedures

2. Evaluate the security requirements against the company's IT management

3. Prepare Data Inventory Map (DIM)

4. Prepare Personal Data Flow Diagram

5. Provide advice and sample documents to enable legal operation, including:

• Privacy Policy

• Example of a consent form from a personal data subject

• Personal Data Disposal Policy

• Personal Data Classification Procedure Manual

• Policies or practices for disclosing personal information to external parties or sending or transferring personal data to agencies abroad (Third Parties / Cross Border Data Transfer Policy)

• Consent Management Procedure

• Personal Data Breach Management Procedure Manual

• Data Subject Request Procedure

• Data Protection Impact Assessment and Risk Assessment Methodology Manual

6. Provide IT security advice

7. Advise in case of requesting rights from customers

8. Perform annual IT operations and security audits to ensure law compliance.

• Storage check

• Check the CCTV installation.

• Monitor employee access controls

• Check the security of the wireless network signal.

• Check for system vulnerabilities

• Check Activity Logs

9. Train employees to raise awareness of personal data protection and IT security.

​

By certified consultants of Certified Information Privacy Professional (CIPP), Certified Data Protection Officer (CDPO), Certified Information System Auditor (CISA), Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM)