Contact Us

Our Services

Outsourced Data Protection Officer

An outsourced DPO can provide a significant costs saving for many businesses that do not require a full-time in-house DPO, allowing businesses to comply with regulatory requirements in a more cost-effective way. Services include registration with the Data Protection Authority (for example, IDPC in Malta, ICO in UK, CNIL in France, AEPD in Spain), monitoring DP mailboxes daily, liaising with the regulator (complaints and/or requests for statements), assisting you in responding to Data Subject Access Requests (DSARs), RTBF (erasure requests), performing Legitimate Interests Assessments (LIAs), assisting with DP aspects of onboarding new suppliers, data protection policies & procedures (eg data protection policy, data retention policy), data audits and remediation work and guidance on the Record of Processing Activities (ROPA).

GDPR and Consultancy Work

  • Gap Analysis and Compliance Reports.
  • GDPR audit & remediation work
  • Data Protection Impact Assessments (DPIA), and AI focussed DPAIs.
  • Drafting and assisting with the ROPA and data mapping.
  • Drafting Policies and Procedures such as Data Protection Policy, Data Retention Policy, IT Acceptable Use Policy, AI Acceptable Use Policy.

Public Procurement - Applying for tenders?

Tender applications typically include a robust section on GDPR to ensure that those applying for public sector contracts have business practices that are fully aligned with GDPR requirements (especially taking into consideration any local laws in this area). We are able to assist by drafting an audit response and preparing any policies/procedures and advising with any implementation needed to put your business into a compliant position. 

Specialist GDPR industry advice

We provide specialist GDPR advice tailored to industry-specific needs. We have particular expertise in iGaming (across international markets), healthcare, and the public sector, helping organisations meet complex compliance requirements with clarity and confidence.

The Act’s requirements vary based on whether the relevant entity is a developer, a deployer, an importer or a distributer. However, actions such as a substantial modification to the model can cause a deployer of an AI system to be re-categorised as developer (leading to increased compliance obligations). 

Authorised Representative Services (GDPR)

For organisations established outside the EU that offer goods or services to individuals in the EU or monitor their behaviour, the General Data Protection Regulation (GDPR) requires the appointment of an EU-based representative. Noetic, established in Malta and led by experienced privacy professionals, can act as your official Authorised EU Representative under Article 27 GDPR. We serve as your point of contact for EU data subjects and supervisory authorities, maintain required documentation eg the Record of Processing Activities (ROPA), and ensure your business stays aligned with EU data protection obligations.

Training and Awareness

We provide training & awareness solutions in relation to AI and GDPR compliance including basic training that employers can roll out to staff such as 30 minute essential training with short assessments at the end. We can tailor these to your particular industry. 

We can also provide more in-depth training eg one hour pre-recorded training sessions, tailored to your business, that can be delivered to all staff by Teams and used again on an annual basis (subject to no significant changes in the law). 

Additionally, we provide small add-on training for areas of the business that represent a larger risk in terms of GDPR or AI. 

Businesses should be aware of whether shadow AI is operating in their business and how the risks associated with this can be effectively mitigated, eg through awareness campaigns and amendments to the IT Acceptable Use Policy. 

Join Our Newsletter

Stay informed with expert insights on GDPR, the EU AI Act, and tech regulation – delivered monthly to your inbox.