Data Protection Services

Data Protection Management Program

A Data Protection Management Program (DPMP) is a systematic framework to help organisations establish a robust data protection infrastructure. It covers management policies and processes for the handling of personal data as well as defines roles and responsibilities of the people in the organisation in relation to personal data protection. Having an established DPMP helps an organisation to demonstrate accountability in data protection. This provides confidence to stakeholders and fosters high-trust relationships with customers and business partners.

5 steps towards data protection compliance

What to do now

When an organisation “walks the talk” by implementing a robust data protection management program, enhanced trust from stakeholders including customers to engage with that organisation should follow. An organisation that has a strong data protection management program may enjoy an enhanced reputation that gives it a competitive edge.

We base our approach on a 5 step model of

  1. Aware – Knowledge of what data protection is, best practices and value of investing in a data protection management program
  2. Assess – Know where your current policies, procedures and practices are as measured against GDPR and other best-practice standards.
  3. Plan – Develop a Data Protection Strategy and governance approach to Data Protection Management
  4. Execute – Develop policies and procedures and train and communicate with staff and your stakeholders
  5. Monitor – Regularly monitor and audit the data protection management program. 


“Data Protection is not Anti-Business; there's a lot of money to be made by protecting people's individual rights”

Senior Vice President, Airbus

Our Data Protection Framework

The primary objective of our DPMP Framework is to provide guidance to organisations and external auditors in managing and assessing whether the organisations data protection compliance objectives are met. Our Framework contains the prescribed control objectives and illustrative controls for data protection privacy assurance assignments based on the following internationally recognised privacy frameworks

  • GAPP Principles – issued by the AICPA/CICA;
  • Privacy by Design;
  • The General Data Protection Regulations; and
  • ISO/IEC 27701:2019

In addition, the Framework can be deployed by organisations to assess the adequacy of data protection controls or to determine the extent to which current controls should be adapted to comply with (changing) legislative frameworks.

DPMP Implementation Cost

We tailor our DPMP implementation packages to suit your organisation’s unique requirements, based on the findings of the Gap Analysis. The number of consultancy days an organisation requires varies based on their size and complexity. For businesses who want to make on-going maintenance of Data Protection compliance easier, not to mention help with ad hoc data protection and privacy matters, we can also include data protection officer (outsourced DPO) services. The outsourced DPO is a retainer service that gives your organisation a fixed amount of DPO time per month for independent, expert privacy and data protection compliance advice.