Dear,
Compliance with privacy regulations, particularly GDPR, is all about (i) knowing what data you have (where it comes from, where it goes, where it stays, for how long etc.), (ii) making sure you have a good purpose for processing the data you collected, and (iii) doing that in a secure manner. The best way all of this can be done is by maintaining accurate, up-to-date documentation allowing you to monitor the flow of information throughout your organisation and, if need be, utilise software solutions to execute specific tasks such as data subject requests or else.
Regarding the Terms & Conditions, refining the business' goals and position/risk profile is essential as this will inform the types of clauses we would need to insert.
I am an admitted Fellow of Information Privacy (FIP), designation awarded by the International Association of Privacy Professionals (IAPP) in recognition of the experience & expertise I have demonstrated in the privacy community throughout the years. I also hold several professional certificates, including the Certified Information Privacy Manager (CIPM) & Certified Information Privacy Professional - Europe (CIPP/E) credentials, as well as a law degree (LL.B.) from Lancaster University, UK.
Reach out and we can schedule an initial free consultation to kick-start our work together.
Damyan