Services

Stay ahead of the curve with our customized solutions

Compliance

Our data protection consultancy services provide you with access to our experienced and knowledgeable team of data protection consultants, who will help you to understand and analyse your existing data protection compliance framework, advise on any issues identified and then provide further support to mitigate the risks associated with these issues.

Schedule a meeting

Data Mapping

Understand and gain visibility of personal data flows into, across and out of your organisation.

GAP Analysis

Determine what steps need to be taken in order to move from your current state to a The UAE Federal Decree - Law No. 45 of 2021 on Personal Data Protection compliant state..

DPIA

Help you identify and minimise the data protection risks of a project. A DPIA is required for processing that is likely to result in a high risk to individuals.

Audits

Evaluation and verification of your (or your data processor) current data protection controls, policies and procedures. Identifies risk areas and provides documentary evidence of compliance..

Policy Writing

Drafting of privacy notices, polices and standards to assist your business with The UAE Federal Decree - Law No. 45 of 2021 on Personal Data Protection compliance.

Consent Management

Capture consent where required and ensure the necessary requirements are satisfied (for consent and explicit consent) to be valid throughout the entire life cycle.

Records Management

Documented information for the entire life cycle, from creation/receipt, classification, use, filing, retention, storage, to final disposition

Data Transfers

Assess legality of the transfer and processing of personal data. Incorporate necessary Personal Data Protection requirements to safeguard cross border transfers.

Compliant Marketing

Employ the most appropriate legal basis for your online and offline marketing activities. Implement appropriate controls and practices.

Company documents

update some documents in accordance with the legislation, such as: job descriptions, internal regulations or other regulations to which the company has adhered

Contracts

Put in place adequate Data Protection clauses for Controller to Controller, Controller to Processer and Processor to Sub-Processer relationships

Employment documents

Employment contracts, Employee information note, Employee consent

Supplier Management

Ensure vendors handle personal data entrusted to them properly by implementing agreements, policies and procedures.

Due Diligence

Evaluate third parties current and historic compliance with data protection, gather information on actual or potential risks. Crucial as part of a merger or acquisition.

ePrivacy

Ensure electronic communications (includes the Web, the Internet email, apps, telephone, instant messaging) are compliant

Information Security

Safe-guarding your organisation’s data from unauthorised access or modification to ensure its availability, confidentiality, and integrity.

Data Subject Requests

Assess, manage and respond to data subject requests for access, restriction, deletion, objection and for porting.

Incident Management

Identify, investigate, and repair issues following a data breach. Restoration of operations as soon as possible after an incident takes place to minimize the impact of the data breach.

We take away the burden of managing your compliance efforts, so that you can focus on building products, or your business.

Privacy compliance has many different aspects: ensuring appropriate security measures, maintaining documentation, applying privacy by design, and training your staff. As compliance partner for your organization, we can take on most of this burden while letting you make the decisions around data processing, and become relatively autonomously.

Most organizations have multiple stakeholders in their Personal Data Protection compliance, the most common ones being CEO, CTO, head of legal and product owners. While all of them care about the company and product compliance, their motivations are different. We have learned that all of them need to be involved at some stage and degree, but the day to day management is typically overseen by an internal privacy champion whom we can work with. We also connect directly with stakeholders where appropriate to ensure we meet their expectations

Our consultants bring a fresh perspective to your data protection compliance and help you to understand your data landscape and the steps you need to take to comply with data protection laws.

Our packages are delivered by certified EU GDPR practitioners and are suitable for businesses at all stages of their personal data protecton journey.

Small Business
  • up to 20 employees
  • Typical engagement : 2-3 days
  • Initial Gap Analysis
  • Data mapping
  • Bespoke Compliance Documents
  • Compliance Management
  • DPO Registration with ICO
  • Subject Rights Guidance & Advice
  • Personal Data Breach Guidance
  • Conducting DPIAs & PIAs
  • Employee Awareness Training
  • Annual Compliance Audit & Report
$3425
/ AED 12500
starting from
Buy Now
Medium Business
  • 21-200 employees
  • Typical engagement: 3-5 days
  • Initial Gap Analysis
  • Data mapping
  • Bespoke Compliance Documents
  • Compliance Management
  • DPO Registration with ICO
  • Subject Rights Guidance & Advice
  • Personal Data Breach Guidance
  • Conducting DPIAs & PIAs
  • Employee Awareness Training
  • Annual Compliance Audit & Report
$4600
/ AED 16750
starting from
Buy Now
Enterprise
  • over 200 employees
  • Typical engagement: Varies
  • Initial Gap Analysis
  • Data mapping
  • Bespoke Compliance Documents
  • Compliance Management
  • DPO Registration with ICO
  • Subject Rights Guidance & Advice
  • Personal Data Breach Guidance
  • Conducting DPIAs & PIAs
  • Employee Awareness Training
  • Annual Compliance Audit & Report
$TBN
negociable
Buy Now
Data protection officer ( DPO )

A DPO is appointed to monitor internal compliance, inform on data protection obligations and act as a contact point for the supervisory authority and data subjects.


Schedule a meeting

Act on your behalf

Represent your organisation, whether you are a Data Controller or Data Processor

Liaise with Authorities

Liaise with the Information Commissioners Office in the UAE (or other relevant supervisory authority) in relation to any queries or concerns about your processing activities

Point of Contact

Act as the first point of contact for individuals whose data is processed by your organisation.

Data Protection Advice

Provide guidance and advice to your team in relation to your obligations to comply with relevant Privacy legislation

Internal Audit

Monitoring your internal policies and procedures including processing operations

On-going Monitoring

Monitoring of your compliance with data protection laws and with your internal data protection policies

Reviewing Processes

Reviewing and managing your internal operational processes and implementing data privacy by design

Processing Records

Make the Records of Processing Activities available to the Information Commissioners Office (or other relevant supervisory authority)

Training & Awareness

Continuously and regularly raising awareness of data protection practices issues and principles for your staff

DPIA Support

Advising on whether a DPIA is necessary, how to conduct one and expected outcomes

Data Subjects

Assistance with corresponding with data subjects and support with handling data subject requests

The DPO has a set of predefined tasks, including providing oversight over the data processing activities, providing advise on the processing of personal data, and to promote Personal Data Protection awareness. In your engagement with us as your external DPO, we will ensure that these tasks are carried out diligently and set up a roadmap for compliance improvement over time.

For most organization appointing an in-house data protection officer is not a real solution: the role can not be combined easily, must be free from conflict of interest, and need to be trained on a regular base.

Our packages are based on an estimated number of hours of required availability per month, ranging from a few hours to multiple days a month. – whether you prefer to communicate through calls, video conferences or emails, we’re here to help.

Small Business
  • up to 20 employees
  • DPO time : Up to 4 hours per month
  • DPO Registration with ICO
  • Named DPO with Direct Contact Details
  • Subject Rights Guidance & Advice
  • Personal Data Breach Guidance
  • Supporting DPIAs & PIAs
  • Employee Awareness Training Slides
  • Annual Compliance Audit & Report
$499
/ AED 1825
/ month
starting from
Buy Now
Medium Business
  • 21-200 employees
  • DPO time : Up to one day per month
  • DPO Registration with ICO
  • Named DPO with Direct Contact Details
  • Subject Rights Guidance & Advice
  • Personal Data Breach Guidance
  • Supporting DPIAs & PIAs
  • Employee Awareness Training Slides
  • Annual Compliance Audit & Report
$995
/ AED 3635
/ month
starting from
Buy Now
Enterprise
  • over 200 employees
  • DPO time : Customised to suit your requirement
  • DPO Registration with ICO
  • Named DPO with Direct Contact Details
  • Subject Rights Guidance & Advice
  • Personal Data Breach Guidance
  • Supporting DPIAs & PIAs
  • Employee Awareness Training Slides
  • Annual Compliance Audit & Report
$TBN
negociable
Buy Now
Policy package

Policies drafting is a process specifically designed to enable authorized individuals nominated by small and medium-sized businesses to comply with personal data protection. Generate your personalized documentation that will cover various actions you undertake in your business practice.

Schedule a meeting

Banner & Cookie Consent Management

What is the package for?
  • Manage security and protect the data privacy of you website viewers, customers and end users;
What do you get?
  • Website scan & detect cookies in use
  • Banner with tailored Cookie Declarationli>
  • Cookie Removal & Blocking
  • Cookie description : category , information about the purpose, expiration, originating domain
  • Consent Log & management
  • Reports
Situations covered:
  • Websites, web applications, online stores
$5 / AED 18.25
/month
starting from

Online Privacy and cookies policies

What is the package for?
  • Online store, Presentation websited (web);
  • Mobile application.
What do you get?
  • Privacy policy;
  • Cookie policy;
  • Compliance Guide.
Situations covered:
  • User account, ordering and delivery of products;
  • Billing and payment;
  • Customer contact and feedback form;
  • Sending marketing messages;
  • And any other situations you set up;
$579 / AED 2115
starting from

Internal documentation

What is the package for?
  • Fulfillment of internal measures to become compliant;
  • Maintaining the register of operations;
  • Administering requests to data subjects;
What do you get?
  • Internal policies and procedures containing rules and measures that the company must implement to ensure compliance;
  • Response models for managing the rights of data subjects;
  • Internal registar;
$720 / AED 2630
starting from

Employees or recruitment

What is the package for?
  • In interacting with employees;
  • In the interaction with job candidates..
What do you get?
  • Information notes;
  • Consent forms;
  • Addendums to employment contract.
Situations covered:
  • Concluding and carrying out the individual employment contract;
  • Employee evaluation and professional development;
  • Dispute resolution;
  • And any other situations you set up;
$250 / AED 915
starting from

Customers or suppliers

What is the package for?
  • Interaction with individuals or legal entities;
  • Interaction with natural or legal persons suppliers.
What do you get?
  • Information notes;
  • Consent form;
Situations covered:
  • Concluding and carrying out the contract;
  • Billing and payment;
  • Customer contact and feedback form;
  • Sending marketing messages;
  • And any other situations you set up;
$175 / AED 639
starting from

Marketinng

What is the package for?
  • Obtaining marketing consent (consent) in physical format / offline;
  • For example: in a store, at a fair, etc
What do you get?
  • Compliance Guide
  • Consent form;
$95 / AED 347
starting from

Video surveillance

What is the package for?
  • Information on the use of surveillance cameras;
What do you get?
  • Video monitoring information note:
$35 / AED 128
starting from
Training

As data flows undergo natural changes linked to staff mobility, tool updates, product and service releases, updated training becomes a necessity. Training is vital to ensure that all staff comply with data protection law and understand the impact data protection has on your business.

Schedule a meeting

Through in-house training sessions, webinars and customization for your organization, we engage your teams in a meaningful and motivating way.

Who is it for?

Executives

Directors and senior stakeholders.

Managers

Department managers and data owners.

Operators

For general data facing staff.

Recurrent

Annual refresher training.
.
What subjects are covered?
  • Background & Aims
  • Jargon Busting
  • Scope & Impact
  • Penalties & Examples
  • Personal Data Protection Core Principles
  • Lawful Basis & Consent
  • Data Subject Rights & SARs
  • Data Breaches & Examples
  • Security Best Practices
Why should you attend?
Achieving personal data privacy compliance and retaining customer trust relies on all employees being aware of the impact of their actions.
Training is a highly effective way to:
  • Maintain continual awareness
  • Embed security throughout your workforce
  • Avoid costly breaches
  • Protect your company’s reputation and assets
UAE Representative

Article xx of the UAE requires organisations offering goods or services to or monitoring the behaviour of UAE residents to have a point of contact within UAE.

Schedule a meeting

TBN Through in-house training sessions, webinars and customization for your organization, we engage your teams in a meaningful and motivating way.

How does it work

We will review your privacy policies and ensure the appropriate contact details for your Representative are in place. These details must be clearly visible and accessible to data subjects and regulators who wish to contact you. It is a requirement of your Representative to maintain a copy of your Records of Processing Activities (RoPA). We will therefore review your existing, or assist you to construct your RoPA for ypur UAE processing activities.

After we’ve established your RoPA, this will be maintained and updated regularly. We will receive, triage and where appropriate respond to data subject and regulator requests, translate them if necessary, and assist you with appropriate responses..

We then use these records to assist us to respond to data subject requests or regulator enquiries.

What is included in the service?
  • Represent the Company with regard to their obligations under the UAE data protection law
  • Receive, relay, and immediately notify Company using the communication channel agreed by the Parties if it receives any communications from Data Subjects or Supervisory Authorities within 3 working days from the moment the communication is received by Representative on all issues related to the processing of Personal Data by Company.
  • Keep the contact details required for cooperation with the Data Subjects and Supervisory Authorities (the “Public Contact Information”), accurate and up-to-date at all times. Should the contact details change, the Representative will notify the Company without undue delay.
  • Perform an annual verification of the Record and make updates, provided that these correspond to a maximum of 25% of the Record.
  • Appoint a natural person who will be able to effectively communicate in the language or languages used by the Supervisory Authorities and the Data Subjects concerned.
  • Make the Record available to Supervisory Authorities at their request.
  • Support Company with any other tasks related to privacy and compliance to the Regulation, as requested by the Company.
Service benefits
Appointing a Representative is a legal requirement, however there are many benefits of appointing us as your UAE Representative. These include:
  • Highly cost-effective
  • Access to a large team of experienced data protection professionals
  • Professional translation of requests in various languages, including arabic
  • Coverage across UAE
  • Experience and shared best practice gained from working with over 100 completed projects
Insurance

Cyber insurance generally covers your business's liability for a data breach involving sensitive customer information and can assist with the financial and reputational ramifications resulting from a data breach to ensure that your business remains up and running

Schedule a meeting

Data leaks and data losses can lead to regulatory fines and PR nightmares. Insurance coverage designed to counter some of the potentially far-reaching consequences of data leaks and breaches can help you and your company stay protected

What does a cyber insurace tipically covers?
  • Business interruption loss (caused by a ransomware attack, a distributed denial of service attack, operator error (accidental deletion of data) or any other virus or malware that prevents you from trading)
  • Costs incurred to minimise a cyber extortion threat, where a third party has stolen your data or threatened a denial of service attack, as well as any proven loss of profits through associated business interruption.
  • Costs to restore data that has been accidentally deleted, corrupted, destroyed or encrypted by a virus or malware.
  • Costs incurred due to any accidental breach or copyright or defamation (libel and slander)
  • Your liability for the loss of personal data or breach of any privacy legislation anywhere in the world.
  • Your liability for any fines and penalties imposed by any bank or payment card company following the loss of credit card data, including all legal costs incurred whilst protecting you against a valid claim
  • Media Liability including defamation, privacy rights violations.
  • Costs of repair or replacement of hardware.
  • Fees to repair the reputation of the insured business.
Disclaimer: The information above listed contains general descriptions and may only in part match the liabilites covered by our insurance partners.
Who are some of our partners?
Coming soon