GDPR Consulting

Our carefully designed roadmap adresses GDPR implications for your business and makes sure of your full compliance to the new regulations.

GDPR Consulting

Certified Information Privacy Manager

GDPR becomes the norm in personal data protection starting May 25, 2018, introducing major changes and clarifications. The GDPR will apply to companies processing personal data in the context of an EU establishment, companies offering goods or services to EU residents and companies that monitor the behavior of EU residents.
For companies that will not have implemented this regulation by May 2018, the penalties will be severe, with the largest of 4% of international turnover or 20m euros.

The GDPR replaces the 1995 EU Data Protection Directive (DPD) with significantly enhanced protection of the personal data of EU citizens, giving individuals new rights over the use of their personal data. Our team of Zitec GDPR specialists can manage your compliance process, from the first phase of identifying the risks the company is exposed to and the impact of GDPR on personal data collected from customers, to post-implementation consulting, making sure your work processes always remain fully committed to the new data protection regulation.


GDPR Principles


Privacy communication

Review and update your privacy policy notices in order to be GDPR compliant. Notices must be given at the time that the data is obtained from the data subject, or if the data was received from a third party, within a reasonable period after obtaining the data but at the latest within one month, in a format that is user-friendly.

The information you hold

You should document what personal data you hold, where it came from and who you share it with. You may need to organize an information audit across the organization or within particular business areas.

Subject access requests

You should update your procedures and plan how you will handle access requests. You could consider developing systems that allow individuals to access their information online.


You should review how you capture, record and manage consent and whether you need to make any changes. Consent must be separate from other terms and Conditions, and you will need to have simple ways for people to withdraw consent.


For the first time, the GDPR will bring in special protection for children’s personal data, particularly in the context of commercial internet services such as social networking. If your organization offers online services to children and relies on consent to collect information about them, then you may need a parent or guardian’s consent in order to process their personal data lawfully.

Data breaches

The GDPR introduces a new data breach notification regime. The process requires organizations to act quickly, mitigate losses and, where mandatory notification thresholds are met, notify regulators and affected data subjects.

Data Protection by Design

The data controller must comply with the requirements governing data protection by design during software development, and when ordering systems, solutions, and services. The requirements must accordingly also be included when entering into agreements with suppliers, and when using consultants.

Data Protection Officers

You should establish the role of the Data Protection Officer and assess where this role will sit within your organization’s structure and governance arrangements. Either as an internal role for your organization, a shared role across a group of organizations, or through a services engagement.

Data transfer

The GDPR only permits exports of data to entities of its group and third-party vendors outside the European Economic Area if the country in which the recipient of such data is established offers an adequate level of protection.

Individuals’ rights

Data subjects are given more extensive rights under the GDPR, and some of them are:

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object; and
  • the right not to be subject to automated decision-making including profiling.

our GDPR Solution

Risk analysis

  • Legal context analysis
  • Identifying the GDPR regulations which apply to the company’s activity
  • IT Systems analysis
  • Work processes analysis
  • Backup analysis, data integrity and restore analysis

Issue documentation

  • Technical analysis report
  • Legal analysis report

Implementation Strategy

  • Rectification recommendations
  • Implementation roadmap
  • Consulting

Selected Projects



More GDPR Consulting successful projects


  • Mobile Solutions
  • Software Architecture
  • Embedded Solutions
  • Web Application Development
  • Performance Testing
  • Automated Testing
  • Independent Testing
  • Business Analysis
  • Infrastructure & Architecture Audit
  • Application-wide audit
  • SEO
  • Online Marketing Audits
  • Web Analytics
  • Market Research
  • Pay Per Click Campaigns
  • Performance Marketing
  • Email marketing
  • Software Architecture
  • Audit application-wide
  • Infrastructure & Architecture Audit
  • Cloud Migration
  • Cloud Hosting
  • G-Cloud 10 Framework
  • Cloud Architecture Optimization
  • Usability Reviews & Audit
  • Graphical & Web Design
  • Corporate Identity
  • Funding consulting
  • Technical guidance
  • Implementation partnership
  • Innovation assessment
  • Analysis
  • Data management
  • Data protection
  • Reporting