We assist organizations with the legal and strategic aspects of privacy and digitization.
With solid and future-proof policies, they can thrive in a time of innovation, rapidly changing legislation, and social and political developments.
We are living in an era of rapid digitisation and a wave of new legislation. This is forcing organisations to make choices that are legally sound, practically feasible and, where required, transparent.
That seems simple, but in practice, at least one of the three components often goes wrong. This creates a gap between what organisations want to do, what they actually do, and what they say they do.
We help bridge that gap with robust, coherent policy implementation that looks beyond the issues of the day. We do this with three interrelated themes, on which we provide both separate and integrated advice:
We assist organisations in developing, drafting and testing policies in the areas of privacy, data and digitisation. Finding the right balance between legal compliance, strategic objectives and risk management is central to this process.
A strong plan stands or falls with the way it is embedded within the organisation. Who is responsible for what? How do the internal information and reporting lines work? How is progress measured, monitored and rewarded? We provide a clear governance structure that translates strategic choices into concrete and measurable results. At the same time, there is still room for reviewing and updating policy in the event of changes in legislation, business operations or market conditions.
Agreements with partners and suppliers (such as AI suppliers or processors) are crucial for achieving objectives, managing risks and exploiting opportunities. We translate these objectives into an integrated chain strategy and help to establish future-proof agreements with new and existing relationships. This includes drafting and negotiating contracts with suppliers and partners that comply with the AI Act, DSA, NIS2 and GDPR.
Risk-based due diligence revolves around identifying, assessing and prioritising the most significant risks and negative impacts. This clarifies which issues require immediate attention and which can be managed in the longer term. It is not a tick-box exercise, but a strategic process that brings together the best available information and insights to produce concrete, proportionate actions. We guide this process from analysis to implementation, ensuring that resources and attention are focused where the impact is greatest.
The GDPR, the Digital Services Act and the AI Act make transparency a strict legal obligation — but in practice, it is much more than that. Transparency is also a strategic tool for gaining trust, strengthening reputation and deepening relationships with stakeholders.
The challenge lies in implementation: what does “transparency” mean in an organisational context, how do you put it into practice while keeping the interests of your stakeholders in mind, and how do you respond to unavoidable incidents such as data breaches?
We assist organisations in shaping transparency in a targeted manner: legally sound, strategically well thought-out and clear for all parties involved.
It is not always obvious where to begin, how to assess your current position, or what the next steps should be. Drawing on an assessment of the relevant legal and strategic context and the organization’s current policies, we highlight the main areas requiring attention. We do this using a Gap Analysis or Maturity Assessment. Contact us to discuss the possibilities.
Sometimes, quick, targeted advice is needed. Think of assessing a processing agreement, evaluating the risks of a new digital tool, or reviewing a privacy statement before it goes live. We offer flexible support for specific issues, so that you can quickly gain clarity and make well-informed decisions.
