The "Perfect Storm"
Out of this world meeting
A lawyer from a non-EU/EEA country pushed a company in my direction which needed urgent help with Personal Data Protection Legislation compliance... and I just had a meeting with them...
The Business and Personal Data Processing Activities
- The company is launching a platform that will do direct marketing.
- The platform will both gather prospective customers (natural persons) from social media as well as paid contact lists from "data brokers".
- The company will retail any Personal Data out of processing (Profiling) that may be of value to its Corporate Clients (the ones resorting to it for direct marketing).
- The Service IT Landscape (Server and DataBase) will be hosted in China.
- The company has done absolutely nothing in terms of IT Security or Personal Data Protection and Privacy Assurance.
The need
The company wants support from a "highly competent Privacy Expert" that will draft fully compliant Privacy Policy and Terms of Service with regards to the GDPR and the CCPA.
When informed that a Corporate DPIA is mandatory and (most likely) they will have to change many of their Operational Processes and partners... the reply was...
"... we just need you to write the Privacy Policy and the Terms of Service ..."
Senior Data Protection Officer. Get an expert. Contact me. I solve all data protection problems.
4 years ago
Good for you. Had you not turned this down and remained the company advisor, you would be forever defending a broken incompliant company.
Data Protection Officer DPO specialising in championing GDPR compliance
4 years ago
Honestly, but the worry is someone less experienced will take this on without realising the risk.