Policies and agreements

Which elements do I need to cover in my privacy policy?

First of all, the GDPR requires companies and organisations to be transparent on which data they are processing, for which purposes such data is being used, and  for how long this data is going to be kept.

Bearing this in mind, it is important to describe in sufficient detail which data processing activities are undertaken.

Secondly, all privacy policies need to be drawn up using plain language, not legalese.

which arguments do i have to put in place

Which agreements do I have to put in place?

In addition to having a clear and detailed policy in place, it is also important to put in place agreements with parties with whom personal data are being exchanged.

More often than not, companies and organisations make use of various services that encompass the processing of data.

Examples from an information technology perspective include web and email hosting, cloud services such as Dropbox and iCloud, email services like MailChimp and Flexmail.

Also, HR processes entail the exchange and processing of employee information, such as social security funds, insurance companies, car leasing companies, etc.

Also here, the GDPR puts in place general requirements, which need to be translated and adapted into concrete documents which will cover such data processing activities.

Our solutions

Our data processing agreement checklist;

One of the most tedious tasks in becoming “GDPR compliant” relate to contracts with third parties that entail the processing – on your or their behalf – of personal data. Contracts with these stakeholders (which include, inter alia, software developers, hosting companies, HR firms, IT service providers, etc.) need to reflect the obligations set out in the GDPR, and this by May 25, 2018 at the latest.

As said, this task is a tedious one, in particular for companies who have many stakeholders with which they are exchanging personal data. In order to manage the influx of bespoke data processing agreements, we have designed a tool that will help you checking and documenting whether such agreement meets the requirements of the GDPR and is adapted to your needs.


Drafting a privacy policy, frequently asked questions regarding your approach to privacy, etc. requires insight from various angles. The most important ones, of course, are (1) knowing what the law says, and (2) knowing which types of data processing you are engaged in (and which types of data are being processed).

Gathering detailed insights from the entries into our online data processing register, we can help you setting up tailored documents, starting from templates we have designed ourselves and have a proven track record.


The mission of our consulting services is to create a low impact on existing practices, procedures and policies, trying to keep what works and to change whatever is absolutely necessary.

Bearing in mind the fact our work experience with IT engineers, process experts, financial and tax consultants, auditors, in-house and external lawyers, risk managers, process consultants, etc., we have gathered a broad view on the different touch and hand-over points of processes and – hence – personal data. This perspective provides you with truly unique insights on how processes can be optimised in order to serve you best.

Steven MotmansPolicies and Agreements