Compliance

Compliance and data protection, without the complexity.

Practical solutions scaled to the real size of the business — focused on risk prevention and internal organisation.

Approach

Practical implementation, not bureaucracy.

We implement compliance and data protection solutions tailored to the reality of each business, with a focus on risk prevention and internal organisation.

Our involvement is proportionate to the size of the company — an SME does not require the same effort as a multinational, but must fulfil the same fundamental obligations.

Services

What we do.

  1. 01

    Internal audits

    Mapping data processing activities and critical procedures — to identify where the real risk lies, not the theoretical one.

  2. 02

    Internal policies and regulations

    Codes of conduct, internal regulations, remote work policies and data protection policies — written to be applied.

  3. 03

    GDPR documentation

    Records of processing activities, impact assessments, privacy policies and terms.

  4. 04

    Processor agreements

    Standard clauses, technical and organisational annexes, data processing agreements compliant with Art. 28 GDPR.

  5. 05

    Internal training

    Short, focused sessions for the client's teams — no legal jargon, with practical cases from the company itself.

  6. 06

    Ongoing support

    Assistance in responding to data subject requests, incidents and supervisory authority investigations — when they arise.

Why

What your company gains.

  • 01

    Risk reduction

    Identifies and mitigates vulnerabilities before they turn into fines.

  • 02

    Internal organisation

    Clear, documented and auditable procedures.

  • 03

    Security

    Prepared response for data incidents and data subject requests.

  • 04

    Audit readiness

    Coherent, orderly and defensible documentation.

05 · Frequently asked questions

Before booking a meeting.

Does my SME need to implement the GDPR?
Yes. The GDPR applies to any company that processes personal data — of clients, employees or suppliers — regardless of size. What changes for an SME is the depth of implementation, which is proportionate to the real risk of the business.
Does my company need a data-protection risk assessment?
As a rule, yes. An assessment identifies what data the company processes, where the weaknesses are and what documentation is missing, before a complaint or an inspection by the CNPD. The work is practical and tailored to the company, not a theoretical exercise.
Is my SME required to have a whistleblowing channel?
It may be. The obligation to have an internal whistleblowing channel depends, among other criteria, on the company’s number of employees. We assess case by case whether your company is covered and, if so, help implement a compliant channel.
What does PREISA’s compliance support include?
Internal audits, policies and regulations, GDPR documentation, subprocessor agreements, team training, and ongoing support to respond to data-subject requests, incidents and inspections as they arise.
Let's talk

Does your company need legal support? Let's talk.

Av. Dom João II Nº 12, 1.º Esc. 1, 1990-091 Lisboa

paula@preisa.pt

Contact PREISA