Top of Page


Links to move inside this page.

  1. HOME
  2. Business
  3. IIJ GDPR Second Opinion Service

IIJ GDPR Second Opinion Service

About the Service Overview

The IIJ GDPR Second Opinion Service provides a review of your documents and related advice to ensure full accountability with Supervisory Authorities. We will also edit documents as necessary.
There is nothing better than mitigating risk without any cost. Many companies are unsure if they are fully GDPR-compliant. They also lack confidence to respond properly to Supervisory Authorities.
Many consulting companies entrusted to perform related investigations often lack expertise in GDPR, which naturally creates a lack of confidence in their output. This leads to further anxiety about GDPR-compliance.
IIJ has started this Second Opinion Service in response to these types of ever-increasing concerns.

Service Features

Supervisory Authorities Reviews

According to Article 5 of the GDPR, companies must ensure full accountability with Supervisory Authorities at all times. Article 30 defines the documentation and their formats, starting with processing records, that are required for accountability with Supervisory Authorities. Many companies are not confident in their ability to produce the proper documentation for Supervisory Authorities.
IIJ has gained the knowledge and experience through actual interactions with Supervisory Authorities through Binding Corporate Rules (BCR) filings, consulting, and our IIJ DPO Outsourcing Service to confidently check and provide advice on documentation.
We have also seen instances of meaningless documents produced by other consultants who lack sufficient expertise in GDPR matters. Our service features a team of GDPR experts to help resolve even these types of scenarios.

Document Editing

We can also edit your documents per your request.
We sometimes encounter cases where customers create documents without understanding "Lawfulness of processing" (getting consent frequently from employees, for example). In these situations, documentation must be fully revised, including review of the fundamental legal basis through subsequent operational processes.

Immediate and Appropriate Response to Incidents

GDPR requires companies to submit reports to Supervisory Authorities within 72 hours once a controller realizes that a personal data breach has occurred(*1).
With this service, IIJ will have an understanding of your systems/organization for handling personal data. This enables us to provide immediate and appropriate advice when incidents occur. The risk of incidents can be truly minimized by using this service together with our IIJ GDPR Incident Management and Support Service.

  1. (*1) Awareness as defined in page 10 of "Guidelines on Personal data breach notification under Regulation" PDF (GDPR guidelines PDF)

(Japanese text only)


End of the page.

Top of Page