We work with GDPR, CCPA, LGPD, PIPEDA, and other local laws on personal data protection.

Our clients are representatives of eHealth, digital advertising, HR, AI & Big Data, outsourcing, financial organizations, retail and offline business.

This is not an exhaustive list. Even if your project is out of this scope, feel free to contact us, as we love challenges and will be happy to help.

You can send all your requests by email: a@legalitgroup.com

Personal data protection consulting (GDPR, CCPA, LGPD, PIPEDA, etc.)


Privacy audit

Under privacy audit, we will determine the privacy legislation applied to your company and draw up an action plan to bring the company’s activities in compliance with such laws. Also, we will provide a map of personal data and a list of required documents and procedures.

Privacy audit may be related to specific regulations: for example, under GDPR audit we will create a roadmap only for GDPR compliance. The final document is provided in the form of a pdf consultation. Visitors may order up to three (3) hours of online consultations based on the results of the privacy audit. Privacy audit allows you to move to the next stage – the preparation of documents. The cost of a privacy audit depends on the complexity of the customer’s corporate structure, as well as its business processes related to the processing of personal data.

Contact us to learn more about it.

028-call center

Consultations on privacy related questions

We provide online privacy consultations on specific issues at a pre-agreed price. Your question may be related to the DPA’s terms with the client, the need to develop additional policies for the customer’s audit, or filling in a questionnaire. Sometimes our task is to find out whether the legal basis for data processing is defined correctly or to give advice regarding the consent for data processing. The price depends on the scope and complexity of the task and is based on an hourly rate.


Development of personal data protection strategies and programs for your organisation

Development of comprehensive worldwide privacy programs for international companies. Contact us to learn more.

Privacy documents (policies/procedures) (GDPR, CCPA, LGPD, PIPEDA, etc.)


Privacy documents package

After the privacy audit, it is reasonable to prepare a package of policies, procedures, and other documents which are necessary for your company. The documentation itself can be conditionally divided into the following groups:

  1. Compliance Initiation
  2. Data Collection and Data Transfer Control
  3. Roles and Responsibilities
  4. Data Protection Impact Assessment (DPIA) & Data Protection Officer (DPO)
  5. Security of Personal Data and Data Breach
  6. Privacy Policy & Rights of Data Subjects
  7. Contractors and Client Support
  8. Compliance Evidence

Each of these groups consists of its policies and regulations. The specific list of documents and their content depends on the results of the privacy audit, current legislation, and business processes of the company. Documents are usually written in English, but some of them, such as privacy policy, consent form, or cookies notice, may be adapted to different markets. The cost has to be discussed individually, as such documents are prepared differently for each specific case. As a result of the service, the customer receives a package of documents, as well as instructions for their implementation.


Selected privacy documents

This set of documents is usually published on the company’s website or mobile application; the purpose is to inform users of the conditions of processing their personal data. Companies order such policies to begin the process of privacy compliance. The content and language of the documents depend on the specific case. Contact us to learn more.

The purpose of this document is to regulate the relationship between the two companies regarding personal data transfer. We can prepare a template for such an agreement for you, as well as help with explanations and amendments to such agreement when it was sent to you by the contractor. Contact us to learn more.


Personal data map

(data maps, data inventory);




Video surveillance rules

and other tools for behaviour monitoring (CCTV, employee tracking, background checks, and others);

Assistance in resolving dynamic privacy cases (GDPR, CCPA, LGPD, PIPEDA, etc.)


We work with appeals from data subjects (consumers), contractors, and supervisory authorities


  • assistance during the inspection of documentation by the supervisory authority;
  • assistance during communication with the supervisory authority;
  • assistance in communication with the data subject (end-user, company services consumer);
  • drafting of appeals to the supervisory authority for consultation and assistance in implementing its recommendations;
  • assistance in data disclosure and transfer of personal data controller rights;
  • establishing relationships with the supervisory authority in the country of the new data controller.

We work with contractors on privacy issues (questionnaires, approvals, audits)

    • filling in questionnaires on the issues of proper protection of personal data;
    • passing contractors’ conformity check programs on the compliance with personal data protection legislation;
    • privacy audits of the contractors and other checks on the company’s compliance with personal data protection legislation.

Training and professional development of the team


conducting trainings, workshops, and other forms of education for the team;
assessment of awareness and knowledge of team members about personal data protection issues;
assessment and training of the contractors (suppliers, business partners);
training of the DPO and the company’s privacy team.

As certified professionals, we provide compliance services for the entire life of the project.
We prepare documentation taking into account the requirements of GDPR, CCPA, LGPD, PIPEDA, and COPPA.
We help to convey data protection rules to employees through trainings.
and prepare documentation for disclosure at the request of supervisory authorities or customers,

We assist companies in conflict situations with clients and authorities.
Each document is part of the organisation’s data protection program and reflects its values.


Ask your privacy advisors

Kateryna Dubas
Head of Privacy, CIPP/E

Anton Tarasiuk
Managing partner, CIPP/E

Ihor Kotkov
IT Lawyer

Clients usually request our legal support regarding personal data processing issues in the following cases:

  • the outsourcing company works with personal data of European Union clients and received a personal data protection questionnaire;
  • a product company or a start-up enters the EU/US/ Latam market and process personal data;
  • projects operating in European or American markets add new business processes related to the processing of personal data (or review existing ones);
  • the company plans to conduct a DPIA, PIA or has received a complaint from a supervisory authority or a data subject.


Have more questions? Get in touch with us