Virgílio

Cervantes

Privacy and data protection law specialist

Invest your time and efforts on running your business. Leave the personal data protection compliance to me.

Services

What I do

DPO

Data Protection Officer as a Service (DPOaaS)

I offer a short-term  service (usually over a 1-2 year time period),  wherein I will  act as the external Data Protection Officer (DPO). The role of DPO is a business security leadership role mandated by the General Data Protection Regulation (GDPR). Data protection officers are responsible for overseeing data protection strategy and implementation to ensure compliance with the GDPR and DPA 2018 requirements.
DPM

Data Privacy Management

I offer a short-term  service (usually over a 1-2 year time period),  wherein I will  act as the organisation Data Privacy Manager. The DPM is responsible for the ‘operationalisation’ of privacy and data protection laws, namely, by bridging and translating the legal requirements of the GDPR into business operations.
PbDD

Privacy by Design and by default: Project management & Advisory Services

Article 25 GDPR requires organisations to “implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed” and ” to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.”

Depending of the size of the organisation and the quantity of personal data processed, I will normally take on the role of PbDD Project Manager for periods of 6 months, when it is necessary to implement new processes or update the existent ones.

Why Choose Me

Accurate advice

Always On Time

No, not really! I am an "early bird", I always act before the expected time!

Focused Working

Highly organised and motivated professional who takes pride in delivering an outstanding service to clients and stakeholders, always exceeding their expectations.

24/7 Availability

Hot number available 24/7 to act upon business disasters such as cyber-attacks and high-risk personal data breaches.

DPOaaS

Does your organisation need to appoint a dPO?

Under Article 37 of the GDPR, there are three main scenarios where the appointment of a DPO by a controller or processor is mandatory:

  1. The processing is carried out by a public authority.
  2. The core activities of the controller or processor consist of processing operations which require regular and systematic processing of data subjects on a large scale.
  3. The core activities of the controller or processor consist of processing on a large scale sensitive data or data relating to criminal convictions/offences.

Article 29 Working Party (“WP29”) states:

“Determining whether or not you need to appoint a DPO depends on the scope and scale of your data processing, and whether or not they pertain within reach of Article 37.”

The Data Protection Officer (DPO) will serve as an independent data protection expert to your organisation, as per GDPR requirements.

DP Certifications

Contact form