Compliance and data protection, without the complexity.
Practical solutions scaled to the real size of the business — focused on risk prevention and internal organisation.
Practical implementation, not bureaucracy.
We implement compliance and data protection solutions tailored to the reality of each business, with a focus on risk prevention and internal organisation.
Our involvement is proportionate to the size of the company — an SME does not require the same effort as a multinational, but must fulfil the same fundamental obligations.
What we do.
01
Internal audits
Mapping data processing activities and critical procedures — to identify where the real risk lies, not the theoretical one.
02
Internal policies and regulations
Codes of conduct, internal regulations, remote work policies and data protection policies — written to be applied.
03
GDPR documentation
Records of processing activities, impact assessments, privacy policies and terms.
04
Processor agreements
Standard clauses, technical and organisational annexes, data processing agreements compliant with Art. 28 GDPR.
05
Internal training
Short, focused sessions for the client's teams — no legal jargon, with practical cases from the company itself.
06
Ongoing support
Assistance in responding to data subject requests, incidents and supervisory authority investigations — when they arise.
What your company gains.
01
Risk reduction
Identifies and mitigates vulnerabilities before they turn into fines.
02
Internal organisation
Clear, documented and auditable procedures.
03
Security
Prepared response for data incidents and data subject requests.
04
Audit readiness
Coherent, orderly and defensible documentation.
Before booking a meeting.
- Does my SME need to implement the GDPR?
- Yes. The GDPR applies to any company that processes personal data — of clients, employees or suppliers — regardless of size. What changes for an SME is the depth of implementation, which is proportionate to the real risk of the business.
- Does my company need a data-protection risk assessment?
- As a rule, yes. An assessment identifies what data the company processes, where the weaknesses are and what documentation is missing, before a complaint or an inspection by the CNPD. The work is practical and tailored to the company, not a theoretical exercise.
- Is my SME required to have a whistleblowing channel?
- It may be. The obligation to have an internal whistleblowing channel depends, among other criteria, on the company’s number of employees. We assess case by case whether your company is covered and, if so, help implement a compliant channel.
- What does PREISA’s compliance support include?
- Internal audits, policies and regulations, GDPR documentation, subprocessor agreements, team training, and ongoing support to respond to data-subject requests, incidents and inspections as they arise.
