And with these two important messages:
- Don't aim for 100% GDPR compliance.
- Don't aim to do it all at once.
The journey (with no finish line)
Compliance is a journey where the end goal shouldn't be complete β .
It cannot be, anyway, as we won't ever reach a finish line - like we won't either for accounting, taxes and all the other always ongoing business operations.
So tailor your compliance efforts to your type and size of business, your current needs, and align this with your strategic ambitions and goals.
One thing's for sure, although 100% may not be the goal (or even the ambition), you don't want non-compliance as a significant business risk π©.
And this risk will vary according to your current efforts. Poorly written, insufficient and/or outdated privacy policy, lack of 2021 SCCs (or even just a data processing agreement!), no solid response to the customer asking about your Schrems II compliance - are all risks that jeopardize both current and potential customer deals.
Both non-compliance and working with compliance can be costly and frustrating. Especially if you work with lawyers or consultants that over-do your (current) compliance needs and, consequently, over-charge. πΈ (And there's no such thing as "100% compliant".)
So finding the right partner is key. And if you're not only looking for a pair of hands (and price is your #1 focus), but someone who can help you deal with your GDPR compliance in a pragmatic, efficient and smart way - as your trusted advisor - you're in the right place.
The company
NoTies.Consulting is the international brand name for Bedre Bedrift AS, a Norwegian-registered limited liability company (see our public record here). We deliver privacy and data protection consulting services globally (also see our separate sites for SaaS and Norway).
The privacy enthusiast
Hi there, my name is Rie Aleksandra Walle and I'm the founder of NoTies.Consulting (Bedre Bedrift AS). π
Mainly, I help with actionable GDPR Audits where I give you clarity on your work, identify gaps and high risks, and give you practical and pragmatic advice to help you manage these risks.
Over 15 years of professional experience, public and private, established and emerging markets (Norway, Nordics, Qatar, Dubai/MENA), for Ernst & Young, Nordic Innovation and in higher education, working mainly with project management, digitalization, business development and startups, has provided me with an invaluable understanding of how to work effectively and successfully in multi-national and cross-cultural teams, managing often conflicting agendas and personalities in projects with 50+ stakeholders.
My background and experience is key to my current success in helping people manage the complexities of privacy and data protection.
If you're extra curious you can snoop through my LinkedIn profile here.
I'm also fortunate enough to work with a range of experienced professionals in the fields of privacy, data protection and cyber security, including consultants and lawyers in both the EEA and the US.
With a burning passion for privacy and our right to a private life, I've worked exclusively in this field over the past years, with over a hundred businesses and organizations in countries such as the US (including on Hawaii!), Canada, Germany, Sweden, Thailand, Singapore and Norway, to mention a few - including from both the public and the private sector.
π€ I also guest lecture and help develop courses at BI Norwegian Business School (Executive Course for DPOs) and Kristiania University College, and I'm an appointed Expert at the EDPB's Pool of Experts.
My focus exceeds traditional consulting services. If you only need a pair of hands helping you fill out policies and procedures, you're in the wrong place. β
If you're looking for someone who's gone as broad as deep in privacy and data protection and who can truly be a trusted and knowledgeable advisor and partner, you're in the right place. β
My full CV, credentials and references are available on LinkedIn (where you also can follow my free updates on GDPR fines πΈ, decisions and rulings from regulators) and testimonials at my page here.
I have a genuine interest in the GDPR. Not as a law text per se, but due to my true passion for privacy and our right to control our own data.
My enthusiasm around privacy and data protection is contagious, which is also one of the things my clients truly appreciate when working with me. Consider yourself warned. ;)