Selected Engagements

Guide and monitor compliance across every project phase, from planning through execution, embedding privacy, information security, governance requirements, and internal obligations across legal entities.

• Aggregated compliance controls across GDPR, local regulations, information security, and industry standards (e.g. ISO/IEC 27001).
• Established governance model, policies, and guidelines and embedded them into the project lifecycle and programme governance.
• Aligned with key departments and obtained leadership buy-in across IT, Legal, Security, Procurement, and Works Council.
• Communicated and integrated the model into processes with clear usage requirements.
• Trained staff and provided ongoing follow-up, support, and monitoring.

• Streamlined compliance oversight with greater transparency and accountability.
• Strengthened risk management by embedding data protection by design throughout the project lifecycle.
• Simplified compliance alignment with auditors and stakeholders, including the Works Council.
• Created a versatile blueprint, initially for HR, now adopted across other departments.

Ensure 300+ suppliers maintain an adequate level of data protection, working proactively across legal compliance, information security, and enterprise risk management.

• Assessed supplier risk levels. Classified suppliers by risk and renegotiated contracts for high and medium-risk suppliers.
• Established governance structures. Defined responsibilities and meeting cadences for ongoing oversight.
• Built an audit and assessment calendar as part of the Master Service Agreement, focused on key certifications.
• Defined penetration testing and security review requirements for regular third-party validation.

• Set a reusable blueprint for supplier management, adopted as best practice by multiple business units.
• Reduced supplier-side data breaches through active reporting and monitoring.
• Minimised security risks with regular assessments and testing.
• Built stronger supplier partnerships grounded in transparency, feedback, and accountability.

Assess GDPR and AI Act compliance across HR operations, including supplier contracts and data protection practices, and implement the necessary response actions.

• Conducted GDPR compliance analysis across 30+ HR processes, ensuring proper documentation, security, and data retention practices.
• Assessed supplier contracts to confirm data protection requirements were met and properly reported.
• Coordinated and delivered DPIAs for the most critical HR activities.
• Verified data governance across processing activities, with appropriate authorisations and accountability.

• Documented 30+ compliant HR processes across 10 jurisdictions.
• Reduced data risks through thorough DPIAs.
• Improved data governance policies, making them more granular and action-oriented.
• Conducted Legitimate Interest Balance Tests where required.
• Strengthened data security with robust technical and organisational safeguards.

Equip staff with the knowledge needed to navigate data protection and governance requirements, localised in English, Swedish, German, and Dutch.

• Developed content and controller questions. Created HR-focused training on data protection, security, and governance, with comprehension checks built in. Partnered with an external provider for video and graphics production.
• Coordinated translations with internal resources and aligned with the training department for feedback.
• Aligned with legal teams and works councils to ensure internal approval and DPO sign-off.
• Launched and embedded into onboarding. Deployed to existing employees and tracked engagement to measure effectiveness.

• Trained 5,000+ employees, driving a harmonised compliance approach across regions.
• Reduced data breaches by 78%.
• Recognised by the Head of Internal Audit as a best practice.
• Enhanced internal knowledge of data governance and accountability.