Experiences from practice
A selection of engagements Jeroen Dubach has carried out via The Data Compliance Builders and previously as a consultant — at multinationals, public authorities and scale-ups.
In their own words
Jeroen got our privacy position fully in order in six months. No thick reports gathering dust — just a system that works and that we can maintain ourselves.
As an interim DPO I needed a sparring partner with real legal depth. Jeroen engages actively, is directly reachable and knows exactly how the regulator thinks. I recommend him to any organisation serious about compliance.
What sets Jeroen apart is his ability to translate complex regulations into something our teams can actually execute. He is not just an advisor — he works alongside you until it really sticks.
Experience at leading organisations
From international supply chains to national regulators — a selection of engagements Jeroen Dubach has carried out as a privacy consultant and project manager.
In collaboration with Internal Audit, conducted a GDPR audit to assess the privacy compliance level of various banners within the Ahold organisational structure. Subsequently worked directly under the various management teams to resolve identified audit findings.
Acted as project manager, steering various teams and business units in line with agreed management action plans and established deliverables.
As Privacy Compliance Consultant, conducted a full GAP analysis based on the BC 5701 Privacy Seal framework. Advised management on the steps required to achieve the desired maturity level in privacy compliance.
Responsible for a team of 6 consultants working to raise the privacy maturity level of the Records of Processing Activities for all legal entities of IKEA Supply, spread across multiple countries worldwide.
Developed project approach, implementation plan and roll-out schedule, built a maturity scan and risk assessment, and established an IKEA-wide SteerCo for progress reporting. Also involved in operational activities including data breach handling and keeping privacy notices up to date.
Delivered a Privacy Control Framework, Privacy Governance Model and GAP Assessment based on GDPR and ISO 27001/27002/27701, making privacy compliance measurable and transparent for Evides and related entities.
Acted as Compliance Coordinator (DPO) throughout the engagement, including conducting Pre-DPIAs, DPIAs, DTIAs, handling and reporting data breaches, and acting as contact point for the Dutch DPA. After appointment of a permanent DPO, onboarded and mentored that person.
Supported as privacy officer during the transition of social care services (WMO and Debt Assistance Act) to a new centralised neighbourhood contact point — the Amsterdam Neighbourhood Teams.
Responsible for conducting risk analyses (VRA, DPIA, URA based on BIO), coordinating with internal stakeholders (Data Protection Board, DPO, Steering Committee) and external parties (lawyers, Neighbourhood Team directors, consultants).
As interim DPO within the Change process, developed a Privacy Compliance Framework (PCF) and Maturity Model to make compliance with privacy regulations measurable. The PCF is based on GDPR, ISO 27001/27002/27701, BIO 1.04, NOREA and CIP.
Also delivered a comprehensive Privacy Governance Model, conducted a GAP analysis and wrote an implementation plan. Conducted Pre-DPIAs, DPIAs and DTIAs, handled and reported data breaches, and acted as contact point for the Dutch DPA.
Via Considerati, led GDPR implementation projects as project manager at several major Dutch utility companies: Essent, Vitens, Evides and Stedin. Each engagement involved fully establishing the privacy compliance structure ahead of GDPR's entry into force in May 2018.