We help our clients and partners to achieve their business goals while addressing ethics, privacy and cybersecurity concerns in a manner that prevents conflicts, sanctions and loss of money derived by the lack of ethical and legal compliance to national and European applicable regulations. All information technologies must respect human fundamental rights and ensure the rights of people in relation to the protection of their private life, personal data and freedom. The new EU General Data Protection Regulation (GDPR) that replaced the Data Protection Directive in all EU member states on May 2018 introduces many new obligations for companies and a comprehensive set of rights for data subjects, including the right to an effective judicial remedy against a controller or a processor and the right to compensation. Therefore, in addition to being at the receiving end of an enforcement action, data controllers and processors may be subject to court proceedings and have to pay compensation to data subjects for their infringements of the GDPR. Our approach to help our clients to avoid this kind of issues consists of a holistic service composed by the following main components: providing a Data Protection Officer to drive the organization’s legal compliance action; mapping the data processed by the organisation to measure its impact on the ethical principles and legal framework; assessing the cybersecurity mechanisms used by the organisation technologies; conducting an impact assessment for all data processing mechanisms identifying ethical, legal and security risks; making recommendations for the implementation of the organisational and technical means to be compliant with the legal framework while ensuring data confidentiality (preserving authorized restrictions on information access and disclosure, including personal privacy and proprietary information protection), integrity (assurance that data is not modified or deleted in an unauthorized and undetected manner), availability (ensuring there’s timely and reliable access to and use of information) and accountability (supporting non‐repudiation, deterrence, fault isolation, intrusion detection and prevention, and after‐action recovery and legal action).