GDPR Compliance


Since the onset of the GDPR (which complements other privacy and data protection laws /regulations), and with the introduction of hefty fines for non-compliance, adherence to one’s legal obligations is a necessity. The ARQ Risk & Compliance team provides ongoing advisory services to assist entities in different sectors in this regard.

The strengthening of the data protection regime under EU law means that all entities that handle personal data are now subject to strict legal obligations on how that data can or should be processed. It is therefore crucial for entities to assess how they are handling the data they hold on employees, suppliers, customers, patients etc. to ensure that they are not breaching these far-reaching laws.

  • Review, testing and revision of internal processes, systems and procedures
  • Updating of company policies and wording on official documents and websites
  • Assistance with the drawing up and management of a remediation programme
  • Guidance and support in data mapping
  • Assistance in the case of data breaches
  • Assistance with the carrying out of Data Protection Impact Assessments
  • Ongoing support to DPOs and senior management
  • Support in dealing with data subject requests
  • Assistance in the drawing up of data processing agreements
  • The carrying out of risk assessments
  • Stress tests, gap analyses and audits
  • Assistance with data portability
  • Review and enhancement of Information Security Policies
  • Drafting of policies and staff manuals
  • Representations with the office of the IDPC
  • Staff training
  • Presentations to boards of directors

How we do it


ARQ’s experienced professionals are able to guide you through a remediation process that incorporates not just the legal aspects of compliance, but also the updating of systems, internal processes, policies and IT infrastructure. Ongoing assistance with any data requests – or other issues that may arise from time to time – are dealt with by our team of professionals having extensive risk, compliance and regulatory experience.

Staff at all levels and across all organisations can benefit from GDPR training by participating in a concise, online and on-demand course (An Essential Guide to the GDPR) that has been developed by our team, which is delivered through our dedicated training division, ARQ Educate.

How can we help you?








    Key Contact

    Manfred Galdes

    Managing Partner
    A lawyer by profession, Manfred Galdes is the managing partner of ARQ and a senior consultant at Fenech Farrugia Fiott Legal.