With the help of Excis, your business can obtain international privacy compliance!

The world of business is complex and in today’s connected world there are many things to think about. Companies need to consider relevant laws wherever they trade. These laws have a common foundation, yet they differ from country to country.

With the onset of more stringent data protection legislation and new technologies, there are a lot of issues to consider in order to be compliant. Data protection laws affect the full organisation, its products and the business lifecycle. In today’s legal world, you need cross functional skills to address legal issues. These skills include security, IT, legal, marketing, sales and product development. For example; the GDPR and other legislation require organisations to undertake a Data Protection Impact Assessment (DPIA) to understand privacy risks and to build mechanisms to implement ‘Privacy by Design’.

DPIA’s are complex, time consuming and a thorough technical (business, security etc) and legal understanding is needed for them to be valid. DPIA’s touch upon the full data life cycle across the business and sometimes into the supply chain. Customers are also placing demands on their suppliers and if the supplier is an intermediary or if they host their services on another supplier’s platform, then customers may want more than can be met by the initial supplier. For example, many suppliers rely on companies such as Google, Amazon, and SAP for cloud services. Each has their own terms and they typically transfer all risks back to their customers and leave them little room for negotiation when they contract with their customers. This is the case when you want to buy many cloud-based applications or subscription services. Excis are “Technical” Legal experts.

We have a team of qualified Lawyers, Data Protection and Security Consultants who are cross functional and are well versed in helping our customers with legal and technical issues around data protection. We assist them in recognising what is important and then act on their behalf to ensure risks are dealt with and an appropriate legal mechanics are put in place to be compliant with applicable law.

The Benefits Realised

  • Ensure that your contacts, software and contracted cloud services are GDPR / privacy / applicable law compliant;
  • Have a stronger contract negotiation / bargaining position by understanding the implications and outcomes of a contract;
  • Create a third-party supplier surveillance program and be able to provide supporting evidence of cloud contract compliance to your customers;
  • Be able to minimise and mitigate risks to your data, services or that of your customers from your cloud suppliers and their respective supply chain;
  • Understand your contracts and be able to insure against any problems or issues that may occur;
  • Reduce the high costs of retaining internal skills and resources and pay only for services that you consume;
  • Obtain insights for your overall information security and privacy posture based upon current or emerging legislation and many years practical knowledge,
  • Improve your reliability and availability of systems and data by understanding how your contracts, products or services are impacted by legal matters,
  • Be able to evidence that the appropriate due diligence has taken place and that legal matters have been factored. This will help organisations to be in a legally defensible position and can limit any potential fines from Supervisory Authorities in the event of a breach,
  • Offer your customers terms that match your contracts or that offset any risks, reducing your exposure and giving your customers confidence in your offering.

How Excis can Help

Privacy legislation has changed the balance of power with regards to responsibilities for security and data protection. If you handle personal data, you are now responsible for it and can be penalised if you do not abide by the law, whether you are a controller or a processor. If you do not understand this, then you can be on the back foot and can have huge financial exposure without knowing it.

The costs of in-house legal teams can be high, and many corporate lawyers are not exposed to the many areas of privacy and security legislation that the external providers like Excis are. This means that not only are there gaps, there can be limited knowledge and understanding on these matters that can affect your compliance and legal defensibility.

Excis are privacy and security experts and have many years of hands-on expertise working with the associated legislation. By working with a team of international lawyers, data protection and security professionals we have assisted many of our customers in procuring or developing the right products, becoming compliant or assisting in deals and in entering new markets. We have advanced expertise in cloud contracts, and we are currently one of the only organisations in the EU who are specialists in cloud privacy and have certified audit leads who can audit cloud security, privacy as well as understand the implications of any legal terms. This means that we can assess systems, products, companies and / or their suppliers against the GDPR within traditional businesses with data centres and new world enterprises based on cloud.

We can quickly identify gaps to manage and mitigate your risks. Excis offer several approaches to our customers for legal services.

The ideal time to get Excis involved is before you develop a new product, enter a new market, buy or subscribe to a new cloud-based service or prior to a new legislation coming into force.

Another key area where Excis Legal Services can get involved is a contract with a supplier or customer before a contract is agreed or discussed. We can advise you of the benefits or disadvantages of any of the above and we can then assist you in getting what you need to attain the best solution to your needs.

Another option is for Excis to review your existing product, service or contracts to determine any inherent risks against current or emerging data protection or compliance legislation. This way we can advise you on the best ways to offset any risks within your organisation, supply chain or customer base. This will help you with strategy, budgeting and ongoing compliance.

Excis can also train your legal team in technical privacy, security, compliance and data protection. As an organisation you may have an understanding of legal aspects, but this may not be the same when it comes to the technical sides (business, security, operations, product etc.) of those legal aspects. We specialise in bridging the gaps so that you get end to end compliance as an organisation and offer several services in this space.

When you engage with Excis we will explain our processes and services as they are specific to your needs and we aim to be efficient and to bring you the maximum benefits. Typically, we can determine your needs and guide you through your journey after an initial assessment. We will identify key issues, provide expert advice and recommendations to address any issues that you may face.

Services Offered:

  • Data Protection Officer (DPO) as a service;
  • Privacy and data protection applicable law gap analysis;
  • Contract writing, review and negotiation;
  • Assistance in entering new markets, focusing on privacy and compliance;
  • Data breach assistance, covering incident, analysis, reporting and follow up;
  • UK and EU representative services;
  • Legal advice on data protection, applicable law, security and privacy matters;
  • Data Transfer Agreements
  • Legal assessment of organisational and technical measures for GDPR / Privacy compliance


Please email: contact@excis.co.uk or call +44 (0) 1622 926 312 for more information.