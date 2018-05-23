Kroll's DPO Consultancy Services will support organizations in becoming and staying compliant with GDPR requirements, in particular Article 37, which makes the appointment of a DPO mandatory for a wide range of organizations of any size processing large volumes of data or collecting and processing special categories of data. The mandatory DPO appointment is potentially problematic as the requirements and responsibilities of the position outnumber the skill set and qualifications of most information security, compliance, and privacy professionals available. The DPO is tasked with not only managing education and training as related to GDPR mandates for data processing, but also for conducting security audits and serving as a point of contact for government officials.

The GDPR will apply to EU companies, multinationals with employees or customers located in the EU, and companies outside the EU that are offering services to EU persons or monitoring EU residents' behavior in the EU. Violations of the GDPR could be sanctioned with fines as high as 4% of annual global revenue or €20 million.

Kroll's DPO Advisory Services will be of particular value to businesses within the EU that do not have past experience in managing the introduction of new data protection regulations. Multinationals with an EU presence or which do business with EU companies will also benefit from having subject matter experts focused on assisting with their GDPR-specific challenges.

Andrew Beckett, Managing Director and EMEA Cyber Leader, Kroll, said: "The role of the Data Protection Officer carries a greater breadth of responsibility than just one individual can support in many cases, charged with overseeing a host of data privacy and security processes and controls intended to comply with the new GDPR requirements. Likewise, starting up and implementing a true DPO program will require time, knowledge, and resources that many organizations simply do not have. This is why Kroll has launched DPO Consultancy Services: to give our clients timely access to both technical and legal expertise so they have a team of highly experienced specialists working for them, not solely one individual."

Kroll, working alongside preeminent data privacy law firms, will be providing technical consulting based on its decades of expertise assisting clients with information privacy and security challenges, as well as risk assessments and investigations performed on a global scale. Kroll already has extensive experience assisting clients in addressing complex data protection regulations, including the Health Insurance Portability and Accountability Act in the U.S., Canada's Anti-Spam Legislation, and Hong Kong's Personal Data (Privacy) Ordinance Principle 4.

The core set of advisory services Kroll is offering in partnership with law firm data privacy practices includes:

Promoting GDPR awareness, including providing customized training to everyone in the enterprise, from front-line employees to board members

Identifying information assets and process flow used to create, store, transmit, and dispose of personal data and ascertaining if they are subject to GDPR specifications

Assisting in creating a GDPR roadmap and maturity model

Developing data maps that identify personal data as personally identifiable information and assigning risk according to the GDPR roadmap

Coordinating recommended assessment action plans to identify gaps in relation to GDPR requirements, including developing and managing a GDPR compliance risk register

Working with the client to address their unique needs in addition to the core set of services

Organizations interested in learning more about establishing and maintaining compliance with the GDPR can find information on Kroll's DPO Consultancy Services here.

About Kroll

Kroll is the leading global provider of risk solutions. For more than 45 years, Kroll has helped clients make confident risk management decisions about people, assets, operations and security through a wide range of investigations, cyber security, due diligence and compliance, physical and operational security, and data and information management services. For more information, visit www.kroll.com.

Kroll is a division of Duff & Phelps, a global advisor with nearly 3,500 professionals in 28 countries around the world. Our clients include publicly traded and privately held companies, law firms, government entities and investment organizations such as private equity firms and hedge funds. We also advise the world's leading standard-setting bodies on valuation and governance best practices. For more information, visit www.duffandphelps.com.

