Case Studies
Real-world examples of GDPR compliance and DPO implementations
Our Case Studies
Explore how organisations across sectors and geographies successfully implemented DPO services and achieved GDPR compliance. Filter by entity type, sector, or geography.
Portuguese Regional Health Centre
Challenge
A regional health centre with 800+ employees and 500,000+ registered patients lacked formal GDPR compliance processes and data breach response procedures. Patient data was dispersed across multiple systems without unified governance.
Solution
We appointed an external DPO, implemented unified data governance, established DPIA protocols, and created data breach response procedures. Staff training covered GDPR and patient privacy rights.
Services Used
External DPO (part-time), GDPR audit, staff training, DPIA support
Portuguese Fintech Company
Challenge
A fast-growing fintech company processing customer financial data across Portugal and Belgium struggled with regulatory compliance in multiple jurisdictions and lacked clear data handling policies.
Solution
Implemented Group DPO model coordinating across PT and BE operations. Established data processing agreements with processors, created multi-jurisdictional compliance framework, and appointed local data protection contacts.
Services Used
Group DPO services, EU Representative (Brussels), compliance audit, multi-jurisdiction guidance
US Technology Company - Portuguese Operations
Challenge
A US-based SaaS company offering services to 10,000+ Portuguese and European customers needed to establish EU Representative and implement Schrems II-compliant data transfers while managing global data governance.
Solution
Appointed EU Representative in Portugal, implemented Standard Contractual Clauses with supplementary measures, conducted Transfer Impact Assessments, and provided global DPO support coordinating with group headquarters.
Services Used
EU Representative, DPO consulting, Transfer Impact Assessment, international data transfer support
Portuguese Retail Corporate Group
Challenge
A retail group with 5 operating companies and 2,000+ employees across Portugal needed unified data protection governance while maintaining operational autonomy for each subsidiary.
Solution
Implemented Group DPO model with Group Privacy Policies, centralised compliance monitoring, and local privacy contacts in each subsidiary. Conducted group-wide GDPR audit and created standardised DPA templates.
Services Used
Group DPO services, audit, compliance framework, staff training across entities
Portuguese Public Procurement Authority
Challenge
A government procurement authority handling contractor data, bidding information, and supplier data required DPO appointment, formal governance, and compliance with Portuguese public procurement data protection requirements.
Solution
Appointed part-time DPO, developed procurement-specific privacy impact assessments, established data breach response procedures, and provided training to procurement staff on GDPR and public law requirements.
Services Used
DPO appointment, DPIA development, public sector compliance, staff training
Multi-National Consulting Group
Challenge
A consulting group with offices in 15 countries, including Portugal and Belgium, needed to implement Binding Corporate Rules (BCRs) and manage data transfers across jurisdictions whilst maintaining local compliance.
Solution
Developed and submitted BCRs to CNPD and relevant authorities, established Data Protection Framework Agreement, appointed Group DPO with local representatives, and implemented SCCs for non-BCR transfers.
Services Used
Group DPO, BCR development, international transfer mechanisms, EU Representative support
Ready to Implement GDPR Compliance?
Whether you're a public entity, private company, or international group, our DPO services can help. Contact our team to discuss your specific needs.
Get in Touch