IIJ GDPR Second Opinion Service

Supervisory Authorities Reviews

According to Article 5 of the GDPR, companies must ensure full accountability with Supervisory Authorities at all times. Article 30 defines the documentation and their formats, starting with processing records, that are required for accountability with Supervisory Authorities. Many companies are not confident in their ability to produce the proper documentation for Supervisory Authorities.
IIJ has gained the knowledge and experience through actual interactions with Supervisory Authorities through Binding Corporate Rules (BCR) filings, consulting, and our IIJ DPO Outsourcing Service to confidently check and provide advice on documentation.
We have also seen instances of meaningless documents produced by other consultants who lack sufficient expertise in GDPR matters. Our service features a team of GDPR experts to help resolve even these types of scenarios.

Document Editing

We can also edit your documents per your request.
We sometimes encounter cases where customers create documents without understanding "Lawfulness of processing" (getting consent frequently from employees, for example). In these situations, documentation must be fully revised, including review of the fundamental legal basis through subsequent operational processes.

Immediate and Appropriate Response to Incidents

GDPR requires companies to submit reports to Supervisory Authorities within 72 hours once a controller realizes that a personal data breach has occurred(*1).
With this service, IIJ will have an understanding of your systems/organization for handling personal data. This enables us to provide immediate and appropriate advice when incidents occur. The risk of incidents can be truly minimized by using this service together with our IIJ GDPR Incident Management and Support Service.

1. (*1) Awareness as defined in page 11 of "Guidelines 9/2022 on personal data breach notification under GDPR" (GDPR guidelines PDF)