As part of our services in regulatory compliance with the GDPR, we noticed that many of our customers had been surprised by the proposals that had been made to them.
Indeed, as regulatory compliance with the GDPR is a legal obligation, many professionals have sought to develop service offerings to meet this new need for regulatory compliance.
However, while there are a multitude of offerings, not all of them are created equal. So how do you choose between two GDPR compliance services? What aspects should you pay particular attention to? What criteria should be assessed when choosing a GDPR compliance service?
At CyberSecura, we've found that there are three main types of GDPR regulatory compliance service offering on the market. Let's take a look at what they are, where their limitations lie, and find out why certain offering formats should alert you.
1st type of offer: the model portfolio
The first type of GDPR compliance service offering concerns the sale of GDPR compliance document templates. Some companies have modelled and documented the process of achieving and maintaining compliance with the GDPR in order to resell these documents as a GDPR compliance service.
The advantage of this type of offer is obviously its modest price: these templates are generally available for a few dozen or a few hundred euros. However, the difficulty lies in using these templates. They need to be filled in, completed and kept up to date, so you still have to do 90% of the compliance work yourself! Having empty templates will not help you with your GDPR compliance. Having templates filled in with the wrong information, or with information that ultimately documents your company's non-compliance, even less so...
With this type of service, not only would you need to have solid knowledge and skills in GDPR compliance (to complete and use these templates correctly), but you would also need to devote time to completing these templates, and thus managing your organisation's compliance project.
2nd type of offer: subscription-based compliance
The second main type of GDPR compliance service involves the sale of a subscription-based support service. In this case, you pay a subscription fee (the same price every month) to access DPO support when you need it.
And it's the end of the sentence that poses the problem: "when you need it". This assumes that you have sufficiently good and exhaustive knowledge of regulatory compliance with the GDPR to be able to know what you need, and when!
This type of service is generally a little more expensive than the sale of templates we mentioned earlier. However, the disadvantages are more or less the same: paying for DPO support does not mean that you have access to a DPO to help you manage your GDPR compliance. It simply means that if you have a question, you will be able to get an answer (or at least someone to ask that question to). However, no DPO will take charge of your compliance actions or of maintaining your regulatory compliance, and no DPO will take proactive decisions to help you improve the state of your GDPR compliance.
On the other hand, the subscription fee is paid in full every month, whether the support is requested or not.
So if you are not sufficiently comfortable with compliance with the GDPR and with the tasks of a DPO, it will be very difficult for you to become aware of the compliance gaps, and even more difficult to ask this support the right questions! It is therefore very likely that you will only ask this support for very operational questions ("Is it possible to do this, or that?") and very little about questions of governance and management of your company's compliance.
As a result, this type of offering also requires a significant investment on your part: you will remain responsible for your organisation's compliance with the GDPR and for carrying out the day-to-day tasks of ensuring and maintaining regulatory compliance.
But if you have any questions, our support team will answer them!
3rd type of offering: supported and managed compliance
Finally, this third type of offer concerns the type of services we provide at CyberSecura.
In this third case, you are accompanied, supported and guided by an expert DPO, who takes charge of your organisation's regulatory compliance activities!
We offer our customers GDPR compliance services provided by a legal expert who is responsible for proactively taking charge of your organisation's compliance and maintenance activities.
Ultimately, this type of service involves delegating your organisation's regulatory compliance to an expert DPO, who is responsible for managing your organisation's compliance project, carrying out the compliance actions and providing a support service that is accessible to the organisation and its employees as well as to its customers, prospects, service providers and partners!
This type of service is more expensive because it is more comprehensive. However, the costs of such support are smoothed out over time. What's more, with compliance support, and unlike subscription-based compliance services, every hour billed is an hour that a lawyer has worked for you! So you only pay for the services and support you actually use.
To conclude
The GDPR has given rise to a new customer need, which many professionals have tried to address through various product and service offerings. Unfortunately, some of these offers have distorted the spirit of the GDPR and the protection of personal data, reducing this ethical issue to a simple set of criteria to be ticked off.
However, regulatory compliance with the GDPR is much more complex than it seems. It is a very specific area of expertise, requiring skills in technical security, security governance and data protection. As such, it requires the intervention of an expert, dedicated to these issues and problems, and available on a daily basis to support the organisation as it moves towards compliance.