And with these two important messages:
- Don't aim for 100% GDPR compliance (it's impossible anyway).
- Don't aim to do it all at once.
The journey (with no finish line)
Compliance is a journey where the end goal shouldn't be complete.
It cannot be, anyway, as we won't ever reach a finish line - like we won't either for accounting, taxes and all the other always ongoing business operations.
So tailor your compliance efforts to your type and size of business, your current needs, and align this with your strategic ambitions and goals.
One thing's for sure, although 100% might not be your ambition (don't worry, it's not possible anyway), you don't want non-compliance as a significant business risk. π©
And this risk will vary according to your current efforts. Poorly written, insufficient or outdated privacy policy, lack of 2021 SCCs or a data processing agreement, no solid response to the customer asking about your Schrems II compliance - are all risks that jeopardize both current and potential customer deals.
Both non-compliance and working with compliance can be costly and frustrating. Especially if you work with lawyers or consultants that over-do your (current) compliance needs and, consequently, over-charge. πΈ
So finding the right sparring partner is key. And if you're not only looking for a pair of hands (and price is your #1 focus), but someone who can help you deal with your GDPR compliance in a pragmatic, efficient and smart way - you're in the right place.
The company
NoTies Consulting is the international brand name for Bedre Bedrift AS, a Norwegian-registered limited liability company (see our public record here). We deliver privacy and data protection consulting and training services globally.
The privacy enthusiast
Hello there, my name is Rie Aleksandra Walle and I'm the founder of NoTies Consulting. π
In a nutshell: Over 17 years of professional experience, public and private, in established and emerging markets (Nordics, Qatar/MENA), for EY, Nordic Innovation and in higher education, working mainly with strategy, digital transformation, business development and startups, has provided me with an invaluable understanding of how to manage cross-cultural teams effectively and successfully, often with conflicting agendas and personalities (covering several countries) in projects with 50+ stakeholders and multi-$million customer accounts.
My background and experience is key to my current success in helping people manage the complexities of privacy and data protection.
I'm not a traditional consultant and I only work with a limited number of customers. I'm a Grumpy GDPR podcaster, speaker, trainer, teacher, mentor and sparring partner to fellow DPOs, helping them keeeping up to date with the DPO Hub. Follow my free updates any time on LinkedIn.
I'm also fortunate enough to work with a range of experienced professionals in the fields of privacy, data protection and cyber security, including consultants and lawyers in both the EEA and the US.
With a burning passion for fairness, privacy and our right to a private life, I've worked exclusively in this field over the past years, directly with ~100 organizations in countries such as the US (including on Hawaii, 12 hours ahead of me!), Canada, Germany, Sweden, Thailand, Singapore and Norway, to mention a few - including from both the public and the private sector.
π€ I also guest lecture at BI Norwegian Business School (Executive Course for DPOs), Kristiania University College (where I also contribute to online course development and podcasts) and HINN University (Data protection and ethics), and I'm appointed to the EDPB's external Pool of Experts.
My full CV, credentials and several references are available on LinkedIn - where you also can follow my free updates on GDPR fines πΈ, decisions and rulings from regulators from across the EEA.