Expert GDPR

What’s the impact of GDPR in your organisation ?

How to implement GDPR Regulation EU 2016/679 ?

All-In Compliance Solutions

Our solution All-In Compliance include all what your organisation need to comply with GDPR EU 2016/679. With our checklist included you can easely attest what you have already and what needs to be done.

The GDPR applies to a company,  or entity, which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed; or a company established outside the EU and is offering goods/services (paid or for free) or is monitoring the behaviour of individuals in the EU.


If your company is a small and medium-sized enterprise (‘SME’) that processes personal data as described above you have to comply with the GDPR. However, if processing personal data isn’t a core part of your business and your activity doesn’t create risks for individuals, then some obligations of the GDPR will not apply to you (for example the appointment of a Data Protection Officer (‘DPO’)). Note that ‘core activities’ should include activities where the processing of data forms an inextricable part of the controller’s or processor’s activities.




When the regulation applies


Your company is a small, tertiary education company operating online with an establishment based outside the EU. It targets mainly Spanish and Portuguese language universities in the EU. It offers free advice on a number of university courses and students require a username and a password to access your online material. Your company  provides the said username and password once the students fill out an enrolment form.


When the regulation does not apply


Your company is service provider based outside the EU. It provides services to customers outside the EU.  Its clients can use its services when they travel to other countries, including within the EU. Provided your company doesn’t specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.



Yes, the application of the data protection regulation depends not on the size of your company/organisation but on the nature of your activities. Activities that present high risks for the individuals’ rights and freedoms, whether they are carried out by an SME or by a large corporation, trigger the application of more stringent rules. However, some of the obligations of the GDPR may not apply to all SMEs.

For instance, companies with fewer than 250 employees don’t need to keep records of their processing activities unless processing of personal data is a regular activity, poses a threat to individuals’ rights and freedoms, or concerns sensitive data or criminal records.

Similarly, SMEs will only have to appoint a Data Protection Officer if processing is their main business and it poses specific threats to the individuals’ rights and freedoms (such as monitoring of individuals or processing of sensitive data or criminal records) in particular because it’s done on a large scale.


Sources : link here



General Data Protection Regulation (EU) 2016/679

The European Union has had data privacy rules in place for over twenty years, those rules are set to see some change. Since the 25 May 2018 date of the implementation deadline of the General Data Protection Regulation (EU) 2016/679 (GDPR), all organisations processing personal data need to adapt their business approaches, their operations and their security practices. It’s crucial for every one, in every company, to understand these emerging requirements and how to accommodate them.

How can we assist you?

GDPR Assessment, GDPR Support, DPO as a Service, GDPR Training

GDPR Assessment

This is the very first step in conforming to the GDPR. In our GDPR assessment, we analyze and determine your current situation, also known as AS-IS assessment. During this phase, we also identify any gaps between your situation and the requirements of the GDPR legislation. Based on our assessment, we start from the results of this analysis as a starting point for the GDPR compliance implementation project. We develop with you and specify the measures and a pragmatic action plan adapted to your organization.

GDPR Support

Based on our pragmatic action plan, we determine each element to be implemented at each level of the organization, including: governance, legal aspects, processes, communication, human resources and systems. technological infrastructure.
We can help you implement these elements by taking charge of managing your GDPR project.

DPO as a Service

Our DPO as a Service for data protection issues is the service fully GDPR compliance. We take over the role of the Data Protection Officer in your organisation in line with GDPR requirements. We can also assist your internal DPO. Khagan serve as an independent expert inside your organisation.

GDPR & DPO Training

Our GDPR & DPO Training course is for everyone who handles personal data. We provide a broad understanding of the General Data Protection Regulation, or GDPR, EU 2016/679 – which is all about keeping personal data safe and protecting the interests of the people whose data it is.

Ready to use

GDPR Compliance All-In Tools

Book a first meeting

I'm Thérèse Haq Qazi, your contact person.
I make time to have a discussion with you,
to answer your questions.