GDPR Compliance, DPIAs and BC 5701 Certification
Demonstrable GDPR compliance — not just on paper, but in practice. Audits, DPIAs, processing records, breach procedures and BC 5701 certification.
The GDPR only works when policy, processes and technology line up. A processing record that doesn't match actual processing activities, a breach protocol that exists only on paper, or a DPIA archive without follow-up — these are the findings that open an enforcement track at the Dutch Data Protection Authority.
DCBS builds privacy management systems that work in practice: documentation that matches operations, controls that are actually executed, and audit evidence that holds up during inspection.
GDPR building blocks in concert
Five components that reinforce each other: DPIA, breach management, processing records, BC 5701 certification and privacy audits. Not separate projects, but a coherent management system.
Data Protection Impact Assessment for high-risk processing: new AI applications, biometrics, profiling, large-scale monitoring. Methodologically grounded, with concrete mitigations and a defensible residual-risk judgement.
A breach notification procedure that makes the 72-hour deadline of GDPR Art. 33 actually workable: triage path, decision trees for notify/no-notify, and clear role allocation between DPO, legal and business. Includes a tabletop exercise to test the procedure.
A processing record under GDPR Art. 30 that stays current: linked to business processes, with a fixed cycle for updates and review. Not an Excel document that goes stale within four months.
Implementation partner for the BC 5701 Privacy Seal — the first Dutch GDPR certification standard, developed by Brand Compliance and approved by the Dutch DPA under GDPR Art. 42. DCBS guides the implementation track; the certification itself is performed by Brand Compliance.
Independent privacy audit of existing processes, policy and documentation. Privacy policy drafted or revised so that it actually matches the processing activities — and holds up under scrutiny.
New high-risk processing activity
A new processing activity (AI system, biometrics, profiling, large-scale monitoring) is in the pipeline and requires a DPIA before go-live. Internal capacity is missing or the methodology has not been applied to this type of project before.
Supervisory enforcement or audit
The Dutch DPA has issued an information request, a complaint is in process, or an internal audit revealed gaps in policy and documentation. Defensible evidence needed quickly.
Market demand for BC 5701 seal
Clients are asking for demonstrable GDPR certification in tenders and vendor audits. BC 5701 is the Dutch market standard for this — only the implementation is missing.
Concrete deliverables
- DPIA report with methodological grounding and residual-risk judgement
- Breach notification procedure including tabletop test and runbook
- Processing record linked to business processes, with maintenance cycle
- BC 5701 gap analysis + implementation plan + audit-readiness
- Privacy policy drafted or revised and internally approved
- Advisory notes for specific supervisory inquiries or inspections
Four steps
- Baseline & scope — conversation with the client, legal and privacy owners. Determining which component (DPIA, breach, record, BC 5701) is tackled first.
- Inventory & analysis — existing documentation, processes and technology reviewed. Gap between current state and GDPR requirements mapped, with prioritisation by risk.
- Implementation & documentation — documentation is built, processes are set up and tested, key staff receive training. Audit trail remains complete.
- Embedding & handover — annual cycle, review moments and ownership assigned internally. Follow-up on assessment or certification.
Sectors where DCBS runs GDPR engagements
DCBS works for regulators, municipalities, utilities, insurers, retail organisations and international manufacturers. For specific case examples, see our cases.
Start a GDPR compliance track?
Free 30-minute intake call. The conversation explores which component delivers the most value — and what a realistic track for your organisation looks like.