Outsourced Privacy Engineering Team

 

When launching software on the EU market, you may face the following issues:

 

  1. During the development process, you have realized that your product does not comply with the strict data protection rules of the European Union or of the marketplace. This carries the risk of a huge multimillion fine, non-admission or ban of the app in marketplaces, a drop in the company's value, loss of customers, and damage to reputation. You need to change something urgently, before bringing your product to the final stage of development. Otherwise, it will be too late, and you will just have to close the project, losing the invested funds and time.
  2. You are not starting the development because you do not know which of the many GDPR requirements apply to your product. Because of this, deadlines are missed, and each month of delay means lost profits and opportunities.
  3. You are trying to build privacy into the product, but you are acting at random, and you are not sure of the effectiveness of your solutions. You may be doing unnecessary work or complicating things that can be made easier. Probably, you will have to make changes and incur unplanned losses. Will the product be as profitable for you as it was before?
  4. You are a customer of the application/site/system and hope that due to contractual conditions, the developer will embed privacy into the product. However, you don't know how to make a specification so that it complies with the GDPR, or don't know how to perform acceptance testing of the product to ensure full compliance of the product with the GDPR.
  5. You want to win or have already won a dream tender. Your client has sent you a questionnaire with questions about the GDPR and Privacy by design. Unfortunately, you do not know how to answer them correctly, how to prepare for the annual client's audit, or whether your product meets the requirements of the tender.
  6. Users have started to frequently request their data or ask for it to be deleted. You respond to everyone on time, but users complain to regulatory authorities that you have been storing their data for too long or without good reason.
  7. You are a developer and have found a dream job/contract, but you need expertise and experience in applying the GDPR or Privacy by design.

Of course, you can figure out everything by yourself, become an expert, and advise your company. However, it will be a thorny path of trial and error that may last for several years.

 

If you need to create or modify a privacy-friendly product that complies with the GDPR in a short time, then our outsourced Privacy Engineering Team is ready to solve this problem.

 



PETeam is a team formed by a certified GDPR expert, an engineer (software architect), and, if necessary, one or more programmers. All you need to do is to test the work and implement solutions.


What tasks does PETeam fulfil?

  1. It conducts software audits (at the stage of current or planned implementation). It helps you to formulate an accurate list of requirements (the corresponding section of the terms of reference) that relates specifically to your product, saving you from unnecessary work.
  2. It effectively interacts with project stakeholders and contributes to the implementation of the GDPR in the software, and, if necessary and at your request, makes improvements to your code.
  3. It tests your employees' knowledge and gives them all the necessary knowledge and skills for further independent support.
  4. It advises your specialists and formulates tasks for changes and improvements to comply with the GDPR.
  5. It configures product development processes in accordance with data protection legislation.
  6. It conducts audit and product acceptance testing for compliance with the GDPR.
  7. (option) It creates and trains a similar Privacy Engineering Team within your company that can further implement privacy in all your future products.

What are the advantages of our team?

Competence
Our experts have international certificates and valuable experience. We have already solved atypical problems with minimal costs.
Reliability
We guarantee the quality and correctness of our work in terms of compliance with the GDPR requirements. We can confirm these words by putting our signature.
Experience
Our developer/privacy engineer has experience and knowledge in implementing the GDPR at the technical level. In other words, he knows how to write the code and build the architecture of the product.

What happens after you contact us?

Step 1.

We perform a product audit: we determine the need for and possibility of a PETeam intervention. For example, we've looked at a small product and have made one of the following expert assessments: 1) changes are necessary and possible; 2) you do not need any changes; 3) it is cheaper to rewrite it from scratch.

Step 2.

If we decide to join your project, our team is onboarded. We study the goal, processes, architecture, style, design, data flows, and processing, and get familiar with the development methodology in the team. We identify personal data in the data model and determine where and how it is stored and processed.

Step 3.

We plan further improvements by developing a list of tasks (scope of the work), stages, blocks, evaluating them, and planning sprints.

Step 4.

We participate in team development, consulting, meetings, and brainstorming. We participate in the testing and finalization of the product.

Step 5.

We conduct a final product audit, acceptance testing, and prepare the report.

 


Results: optimization of processes (workflow), added required functionality (automation of the exercise of data subjects' rights, setting up system rules for data deletion), and development of customized documentation (privacy notice, checkboxes, cookie banner, DPA, SCC, Declaration of GDPR compliance, etc.). Your team gains experience and knowledge for implementing upcoming projects and tasks.


 

Price


The cost is based on the results of the audit. Payments are made on a monthly basis for the team and completed tasks.

You still may have these questions:

Will we need to rewrite our product from scratch?

Chances are extremely low, but this will become clear in the course of the first audit. We have had cases where we might have had to refuse the product or rewrite it from scratch, but we found simple and creative solutions and “saved” the existing product.

Also, we will not need to remake the product if the errors in it have a minimal level of risk and you can accept them. We will inform you about all the shortcomings and their level of risk. Thus, you will be able to make an informed decision about the changes that should be implemented and the optional changes.

Why do we need to invite your developer if we have our own?

If you have a lot of employees and there are no product launch deadlines, you can devote a year or two to improving your employees' skills, hiring an external GDPR consultant, and searching for the optimal technical solution through trial and error.


However, if you need to do the work effectively and in a short period of time, you will agree that it's easier to hire a team that already has relevant experience and knowledge. All our developers have experience in implementing the GDPR at the technical level as privacy engineers.

Do you guarantee the protection of our trade secrets and know-how?

We assume legal obligations by signing non-disclosure and non-compete agreements. We are also ready to consider working on your devices and in your offices.

Is it expensive?

It depends. As a rule, it will be more expensive to train your employees, discover violations of the Regulation, find a suitable solution, and conduct an audit than to hire our team. 

However, it is cheaper to work with us than to pay a fine, rewrite the entire product, and cede the EU market to competitors. In particular, we invite only competent and experienced specialists with a unique specialization who have a high value in the labor market to join our team. Thus, by hiring our PETeam, you invest in high-quality work and guaranteed results within the planned time frame. And only you decide how valuable it is.

Why don't you have a tester in your team, and we need to involve ours?

Because your tester knows the product, and it would be quite expensive to transfer this knowledge. Therefore, to ensure better quality, we recommend using your own tester.

What guarantees of compliance with the GDPR and all other requirements can you give us?

We conduct a final audit and sign a report that can be shown to supervisors and partners. The audit is conducted by professionals from Data Privacy Office LLC who are internationally certified and do not participate in the development team.

You can also order an audit from a third-party company, and if they discover clear violations of the Regulations, we are ready to eliminate them at our own expense.

Do you guarantee that you won't “break” our product or some of its features?

We are ready to work in a separate branch without having full access to the entire product.

We carry out an internal Code Review. Moreover, we ask you to make your employees available for an external Code Review.

Embedding the GDPR into our product can change our business model and reduce the monetization, data analysis, and marketing effectiveness. How can you help us avoid this?

A unique feature of our company is that if there is a way to balance privacy requirements and the customer's financial interests, we will find it for you. Besides, we will agree all the tasks needed for embedding the GDPR in your product with the project stakeholders.

Can you guarantee that the work will be completed on time?

We bring together a team of experienced and competent specialists who can adequately assess the deadlines.

At each sprint, we will show you the completed tasks. We will also give you access to our team's Burn Down Chart.

Competencies and certification
