Information Governance & Data Protection

Lydian advises clients in a broad range of industry sectors on all aspects of compliance with data protection and privacy laws and regulations.

Focus areas

Audits to assess your organisation’s (or specific processing operations’) compliance with data protection legislation/regulation.

Pursuant to the GDPR, a data controller must regularly audit its processing activities to assess the level of compliance and identify instances of non-compliance and possible improvement.

Lydian carries out or provides assistance with Data Protection Compliance Audits, including:

  • scoping, incl. identification of areas affected and key stakeholders;
  • initial project set-up and resourcing;
  • roadmap development, planning (milestones), project management and tooling;
  • detailed analysis of GDPR requirements and impact on the business/operations;
  • data mapping and document gathering;
  • assessment of the existing level of data protection (privacy) compliance; and
  • gap analysis: steps to be taken in order to achieve/improve GDPR compliance.

We make use of proven methodologies and standardised tools (e.g., audit toolkits, questionnaires, compliance checklists) and, at your request, we can ensure the project management during the entire project.

Price: Contact us for a tailor-made offer

    Hands-on, practical assistance on the implementation of the GDPR within your organisation.

    Upon completion of a Data Protection Compliance Audit or otherwise, steps must be undertaken to bring the in-scope processing activities in line with data protection legislation, based upon the gaps identified.

    Lydian provides hands-on, practical assistance to clients on the implementation of the GDPR’s requirements. We provide, amongst other things, the following assistance:

    • implementation of GDPR-compliant processes, documentation, policies;
    • internal communication, training and (C-level) awareness raising;
    • advice on mechanisms to legitimise cross-border data transfers;
    • advice on the appointment of a Data Protection Officer; and
    • carrying out Data Protection Impact Assessments (DPIA).

    Price: Contact us for a tailor-made offer

      Lydian as your external DPO.

      Under the GDPR, it is a requirement for certain controllers and processors to designate a Data Protection Officer (DPO). The designated DPO will play a central role in implementing an effective data protection framework that complies with the requirements of the GDPR. Pursuant to the GDPR, the DPO may be internal (employee) or external (service provider). 

      Our DPO as a Service offering enables organisations to appoint a senior Lydian lawyer (Partner, Counsel or Of-Counsel) as its external DPO, thus enabling the organisation to be compliant with the GDPR and to rely on the broad expertise of Lydian’s Information Governance & Data Protection (Privacy) team.

      Price: Contact us for a tailor-made offer

        Lydian as an extension of your DPO Team at a fixed price.

        As a DPO or Privacy Manager, while you have limited time and other resources, you are faced with a multitude of often complex and delicate questions on a very broad range of issues coming from within your organisation.

        Our DPO Support service acts as your helpdesk. Lydian can provide you with the necessary support in order for you to be able to cope with the workload and, in addition, act as a sounding board. Our service consists of a fixed number of hours of assistance per month at a fixed monthly fee. This way, we provide you with assistance within a budget that is clear from the outset.

        Price: Contact us for a tailor-made offer

          GDPR expert resources to help you cope with (spikes in) GDPR workload.

          As a DPO or Privacy Manager, your time and resources are limited. New projects within your organisation may cause a sudden need for additional GDPR expert resources. 

          Lydian has a team of lawyers with interesting profiles and the necessary expertise in data protection. These people are available to assist you with various projects and can support you with complex and/or day-to-day tasks on a project or secondment basis, on-premise or from a distance.

          Price: Contact us for a tailor-made offer

            Periodic comprehensive overviews of recent data protection developments.

            As a DPO, Privacy Manager or privacy professional, you must keep up-to-date on the latest developments in the area of data protection. This is in and of itself already a challenging task, given the complexity of the legal area, the constantly evolving data protection landscape and the sheer number of stakeholders. 

            Our Legal Update Data Protection, which is available on a monthly or quarterly basis, helps you by tracking important Belgian and EU legal, regulatory, case law and other developments in the area of data protection, complete with useful summaries, recommendations and links to the original documents in English, Dutch and/or French. Our Legal Update Data Protection is available in English only.

            Price: EUR 500 / quarter (quarterly)

              Development and administration of GDPR training and awareness programmes.

              Awareness-raising and training of staff involved in processing operations are key obligations of every controller and processor. This is also part of the mandatory responsibilities of the DPO.

              Lydian assists clients by developing, in close cooperation with the client, tailor-made training and awareness programmes for the various target audiences within the organisation. Our assistance includes:

              • curriculum development, tailored to each target audience;
              • development of client-specific course materials;
              • provision of training (directly or train-the-trainer; live, webinar or pre-recorded); and
              • advising on suitable awareness campaigns, taking into account the specifics of the organisation.

              Our offering does not only comprise general GDPR training, but also training of specific functions or persons within the organisation (e.g., HR or privacy PoCs throughout your organisation).

              Price: Contact us for a tailor-made offer

                Advising on international data transfers and Transfer Impact Assessments (TIA).

                In a global business context, international transfers of personal data are inevitable. When working with partners, suppliers and subcontractors located in other parts of the world, controllers must consider the safeguards of the country in which these contracting parties are located. It should therefore be evaluated whether the strict European standards are met and the processing operations can provide appropriate safeguards.

                The Schrems II judgment introduced the so-called Transfer Impact Assessment (TIA). Following the annulment of the then "Privacy Shield" mechanism for transfers to the United States and the questioning of the use of Standard Contractual Clauses (SCCs) as such, organisations may be required to conduct a TIA.

                Lydian can assist your organisation in the processing of personal data in such an international context and has extensive experience in advising clients on selecting an appropriate transfer mechanism as well as the implementation of a TIA and taking additional measures to safeguard personal data.

                Price: Contact us for a tailor-made offer

                  Effective and practical data breach and incident response support, including 24/7/365 Hotline.

                  Growing technology and complex digitalisation increase risks of cyber-attacks and loss of data for companies.

                  We advise clients on the pro-active steps to take in order to protect their business against such attacks. We have experience in legal risk assessment, drafting contractual clauses, efficient insurance coverage and the correct management of personal data.

                  When faced with a data breach or security incident, time is of the essence. Not only does the GDPR provide for strict notification (towards the supervisory authorities) and communication (towards the affected data subjects) obligations, but your organisation’s operations may also be compromised and it may face liability vis-à-vis affected data subjects and third parties.

                  Lydian provides data breach and incident response support, enabling you to meet all deadlines and fulfil your obligations. Our assistance includes: 

                  • preparation of data breach and incident response plans, procedures and processes;
                  • incident management and coordination; 
                  • advising on mitigating measures to be taken in order to ensure business continuity;
                  • contacts with and coordination of third party vendors (e.g., IT forensics);
                  • the preparation, review and/or submission of required notifications to supervisory authorities; 
                  • the preparation of communications addressed to affected data subjects;
                  • the preparation and/or review of follow-up communications with supervisory authorities;
                  • identifying legal responsibilities and enforcing your organisation’s rights (through formal notifications of default, amicable negotiations and, if necessary, court proceedings);
                  • assistance on possible contractual disputes as a result of the incident (e.g., with service providers); and
                  • advising on possible insurance coverage and assisting with timely insurance declarations.

                  Lydian has set up a dedicated Lydian Hotline that is available 24/7/365 (see below).

                  Price: Contact us for a tailor-made offer

                    A 24/7/365 hotline for emergency data protection assistance.

                    As DPO or Privacy Manager, you are often confronted with situations that require immediate attention and assistance from external counsel.
                    Think about:

                    • your organisation is the subject of an unannounced company visit by the Data Protection Authority and you need immediate (on premise) legal assistance;
                    • your organisation has been the subject of a cyber-attack resulting in your organisation’s systems being down and/or its operations seriously hampered and you need external counsel to provide breach response services; or
                    • your organisation suffered a data breach, which must be notified to the data protection supervisory authorities within 72 hours and must possibly also be communicated to the data subjects.

                    Call the Lydian Hotline. The Lydian Hotline is a professionally run 24/7/365 hotline that can be called by (prospective) clients and that ensures that you receive immediate assistance from Lydian.

                    The Lydian Hotline is outsourced to a professional call centre operator subject to strict SLAs and ensures that you will be contacted immediately by one of the partners of the firm, who will be able to further assist you with his/her team.

                    Price: Use of the Lydian Hotline is free of charge

                      Assistance on and management of inspections by supervisory authorities.

                      Supervisory authorities may investigate your organisation’s data protection practices in various circumstances, be it as a result of a complaint or request or even on its own initiative. The Data Protection Authority’s Inspection Service has far-reaching investigative powers in this respect and may, inter alia, conduct written enquiries, on-site investigations, etc.

                      Lydian can assist you as DPO or Privacy Manager with all aspects of such inspections, including:

                      • the drawing up of internal guidelines and policies and the organisation of trainings, in order to make sure that everyone knows what is expected of him/her in the event of an investigation;
                      • communication with supervisory authorities; 
                      • on-site assistance during inspections;
                      • international coordination;
                      • emergency consultations and tracking of deadlines;
                      • the review of evidence and the preparation of a file of exhibits; and 
                      • the preparation and/or review of responses.

                      Price: Contact us for a tailor-made offer

                        Representation in data protection litigation before supervisory authorities and regular courts.

                        Supervisory authorities can impose various sanctions on organisations, ranging from a warning or reprimand to (astronomical) administrative fines. In addition, proceedings may be brought before the ordinary Belgian courts. An appropriate and timely defence against accusations and/or claims of data subjects is extremely important. 

                        Lydian can represent the interests of your organisation in proceedings before the Data Protection Authority, the ordinary Belgian courts and, if necessary and/or useful, the Market Court or the other Courts of Appeal. Lydian has a strong track record and strives to establish a robust defence based on a thorough knowledge of each case. 

                        Price: Contact us for a tailor-made offer

                          Drafting, review and negotiation of data protection related contracts

                          Pursuant to the GDPR, controllers must enter into processing agreements when entrusting the processing to a processor (Art. 28 GDPR). Where two or more organisations work together as joint controllers, a contract is also mandatory (Art. 26 GDPR). Contracts between independent controllers are not mandatory but highly recommended.

                          Lydian assists clients on the drafting, review and negotiation of the various types of data protection agreements. Wondering whether your organisation’s template agreements are adequate and reflect the state of the art? Contact us for an independent review.

                          Price: Contact us for a tailor-made offer
                          Review and mark-up of standard data processing agreement: EUR 900

                            Preparation, conduct and review of Data Protection Impact Assessments (DPIAs).

                            Keeping your organisation up to date with the newest trends and developments in the field, in particular using new technologies, often presents risks as regards data protection. Controllers must therefore consider the impact of the planned processing operations of personal data.

                            Where data processing can be considered high risk for data subjects, your organisation can rely on Lydian to conduct a thorough data protection impact assessment (DPIA) to keep your business compliant. Our assistance includes:

                            • analysis whether the organisation is required to conduct a DPIA;
                            • description of the nature, scope, context and purpose of processing;
                            • assessment of the necessity and proportionality of the processing operations and reflection on possible alternatives;
                            • consideration of the potential impact on data subjects;
                            • identification of risks and proposition of mitigating measures;
                            • advice on the consultation of a supervisory authority;
                            • follow-up on the implementation of the project and integration of the DPIA outcome into the project plan; and
                            • regular/periodic review of the DPIA.

                            Price: Contact us for a tailor-made offer

                              Hands-on assistance on Data Subject (Access) Requests.

                              Under the GDPR, data subjects have been granted broad rights that can be exercised against your organisation as data controller. This includes the right to access, correction, deletion, objection, transfer and restriction. As a controller, you must honour such requests within strict timelines (generally one (1) month).

                              Lydian provides assistance in the communication with data subjects. Such communication must be done very carefully as data subjects can lodge complaints with the Data Protection Authority when your organisation’s answer is not satisfactory. Lydian can indicate what information must be communicated in what manner and what actions must be taken when receiving such a request. Lydian also assists with the analysis of whether the data subject right invoked applies in the case at hand and, if so, what exceptions or exemptions could be invoked by your organisation.

                              Price: Contact us for a tailor-made offer

                                Advice on handling data protection and privacy issues in an employment context.

                                Data Protection legislation does not only affect customer data. Personal data of your employees are at least as important. There are even stricter regulations for handling employee data than customer data.

                                Lydian’s multi-disciplinary Information Governance & Data Protection (Privacy) team comprises employment law experts and has extensive experience in HR data protection and privacy issues at work. We advise clients on:

                                • GDPR compliance in HR (data protection notices, data subject requests, GDPR training for HR, agreements with HR service providers);
                                • privacy issues in recruitment (background screening) and employment;
                                • processing HR data (databases, software); and
                                • privacy-related questions in internal investigations of employees and disputes between employees and employers.

                                We assist our clients in implementing global data protection agreements as well as drafting specific policies on acceptable use of IT, CCTV and other tracking systems or cyber surveillance (including BYOD, social media), and whistleblowing.

                                Price: Contact us for a tailor-made offer

                                  Advice on the use of personal data in a marketing and e-commerce context.

                                  E-commerce businesses deal with large amounts of data: they process everything from customer data to locational and behavioural data. Personal data is shared with retailers or service providers every time a customer or user goes online.

                                  Lydian has extensive experience with the collection, use and disclosure of data through various marketing tools. We advise clients on the rules regarding opt-in and opt-out for direct marketing through all channels. We advise clients on the use of personal data in the context of Big Data projects and ensure that such projects comply with the rules on transparency, automated data processing activities and profiling. We advise clients on the use of cookies and similar technologies. We also assist clients in dealing with data breach response.

                                  Price: Contact us for a tailor-made offer

                                    Preparation, documentation and practical implementation of appropriate data and records retention policies.

                                    Under the GDPR, personal data may be retained for no longer than is necessary for the purposes for which they are processed. Implementing and enforcing appropriate data and records retention policies and schedules within an organisation is probably one of the most daunting tasks of a DPO or Privacy Manager.

                                    Lydian assists clients in preparing and documenting appropriate data and records retention policies. In close cooperation with our client’s IT departments, Lydian also advises clients on how to implement and enforce data and records retention policies in day-to-day activities, preferably in an automated manner.

                                    Price: Contact us for a tailor-made offer

                                      Free of charge newsletters keeping you up-to-date on recent data protection developments.

                                      Via our timely e-zines, we keep you as privacy professional up to date on the most recent developments in the area of data protection. Register for free here.

                                      Price: Free of charge

                                        Free of charge seminars/webinars providing in-depth analysis of recent data protection developments.

                                        Lydian’s Information Governance & Data Protection (Privacy) practice group regularly organises free lunch seminars and webinars. During such seminars/webinars, we discuss in-depth a specific issue in the field of data protection (e.g., international transfer, DPIA, etc.). Participation is free of charge. To be informed of upcoming seminars/webinars, please register for our Privacy & Data Protection e-Zine here.

                                        Price: Free of charge