Data Protection | GDPR

The impact of GDPR on any business is sizeable. In addition to the GDPR in the EU, national regulators outside of it are drafting similar data protection regulations and other data protection laws and standards for organizations to comply with 

Services Overview

Readiness Assessment

  • Detailed assessment of organization’s compliance with GDPR, Data Protection Act, and other data protection regulations.
  • Gap analysis, recommendations and roadmap towards full compliance.
  • Employee training.

Data Protection Incubator

  • Designing and implementing comprehensive data protection program.
  • Information security solutions.
  • Risk management (privacy & security risk analysis).
  • Third-party management.
  • Training (GDPR, DPO, GRC, information security, third-party and risk management).

Data Protection Officer Services

  • Data protection legislation interpretation and advice.
  • Personal data processing management.
  • Act as supervisory authority POC.
  • Employee trainings.

Data Mapping and Data Inventory

  • Identifying and documenting data locations, access, and data transfers.
  • Identifying and documenting personal information flow diagrams.
  • Categorization of personal data.


  • Drafting data processing agreements.
  • Drafting privacy policies, privacy notices and consent solutions.
  • Drafting binding corporate rules and codes of conduct.


  • PSI DSS compliance.
  • SOC 2 audit.
  • HIPAA compliance.
  • ISO 27001 compliance.
<a href="">Background photo created by lifeforstock -</a>

(R)evolution in regulating data protections 

Issue of ethics in online behavior is becoming more and more important in the tech and digital world. Lawmakers across the globe are educating their citizens about their privacy rights, and they are protecting them against damages from data breaches, which may have dramatical impact on the reputation and operations of a business with the breach. 

GDPR global influence

GDPR has initiated a revolution in legal regulation in general, and in personal data protection especially, because of its applicability outside of the territory of the EU. This is of great importance for tech companies with operations outside of their borders. Countries across the globe are adopting new data protection laws which are heavily influenced by the GDPR (Brazil, India, California, New Jersey, Serbia etc.).

The new Serbian Data Protection Act will apply as of August 21, 2019. It relies heavily on the GDPR.

<a href="">Business photo created by -</a>
LMS Digital Services GDPR China and Data Protection

China and Data Protection

GDPR applies to all companies that process personal data of individuals on the territory of the EU, regardless of where they are located, including those in China. While large Chinese corporations may already have taken the needed measures for legal compliance, small and medium-sized enterprises may not even be aware of it. The burden on the Chinese firms to comply with the privacy and security regulations does not end with the GDPR. In addition to ePrivacy in the EU, China itself has a modern set of data protection legislation that some consider as the most advanced in Asia. One is "Cybersecurity Law", which came into force on June 1, 2017, with its administrative specification in the form of the "Personal Information Specification" (May 1, 2018); and the second one is the "Data Transfer Law", which is still in draft but is likely to come into effect some time in 2019. To the compliance burden for the Chinese companies we may add data protection laws coming from the US, such as the "California Consumer Protection Act", a US state equivalent to GDPR.



This email address is being protected from spambots. You need JavaScript enabled to view it.