GDPR Services

Implementing the GDPR affects your entire organisation, full circle: from customers, business processes and involved parties to employees and external parties involved in your business. As a business, you need to rethink how personal data is handled from the source to the point of consumption. ITAF’s team of experienced data protection experts can help your organisation with a variety of best-practice solutions covering the organisational and process-related aspects, risk management, incident management, security and compliance.

GDPR Governance Support

Lawfulness, fairness and transparency

Data governance and GDPR go hand in hand. A strong data governance program is critical to the data visibility and categorization needed for GDPR compliance. Data governance enables an organization to discover, understand, govern and socialize its data assets not just within IT, but across the entire organization.

ITAF GDPR specialists will help you with:


How data moves in your organization.


You must communicate to individuals the legal basis for processing the data, retention periods, the right to complain when customers are unhappy with your implementation, whether their data will be subject to automated decision making, and their rights under the GDPR.


The people you work with need to understand the importance of data protection and be trained on the basic principles of the GDPR and the procedures being implemented for compliance.


Opt-in forms and cookie consent.

IT service management and compliance support

Key aspects of GDPR-related ITSM concern personal details, which can negatively affect your business in many ways.


Manage users, create user roles and groups, manage access privileges, and maintain an accurate database of all users.


Maintain channels for raising requests, facilitate request fulfillment, and manage the complete request life cycle.


Update an old system (e.g. patching or software upgrades), or create a new system (e.g. setting up a data center).


Commission, maintain, decommission, and take inventory of IT assets.

Reporting: Measure the performance of the IT service desk, and continually improve productivity.

Notification and communication

Streamline the constant flow of information moving in and out of the IT service desk.


Track and maintain the list of necessary, repetitive tasks that address the overall health of your IT infrastructure.


Seamlessly integrate with other tools used in your organization to implement a change or fulfill a request.

GDPR Risk and Incident management

How to build an incident response program?

ITAF can introduce you to the risks and train your staff in how they should react if a data breach occurs within the company.

Short description of incident management process

• Data controllers are obliged to communicate all relevant details about a notified breach to the supervisory authority without undue delay and no later than 72 hours after they have become aware of it. Any prolongations need to be additionally justified. The details that need to be disclosed to the supervisory authority include, but are not limited to, the categories and approximate number of data subjects affected by the breach, as well as the categories and approximate number of personal data records that were compromised.
• Data controllers must maintain records of all personal data breaches, any related facts about the breaches, their consequences and all actions taken to remediate them. Such records will then be reviewed by the supervisory authority in order to verify compliance.
• Data subjects must be notified about a data breach as soon as it occurs (in GDPR parlance, "without undue delay"). This is especially true when a high risk to the rights and freedoms of data subjects might exist as a result of the breach.

Organisation and processes

Data privacy and information security

Businesses must acknowledge that being transparent about how data is used and protected is now required by law. Each organization (including charities and public sector entities) must define a scope for which they collect specific data. Make sure that your data processors will ask for your approval whenever they intend to transfer data outside the EU/EEA. The same rules apply when the data processors intend to subcontract part of the services they provide.
The GDPR will require some organizations to designate a Data Protection Officer (DPO). Organizations requiring DPOs include public authorities, organisations whose activities involve the regular and systematic monitoring of data subjects on a large scale, or organizations that process what is currently known as sensitive personal data on a large scale.

GDPR Partner

GDPR Training by ITAF

Our GDPR training has been built on the GDPR Foundation qualification to give your business the knowledge and operational skills to optimize, implement and manage a GDPR compliance programme, and to fulfil the DPO (data protection officer) role.

For more information about ITAF GDPR Services and GDPR training, please contact us and we’ll be glad to help you!

Better to be safe than sorry.
