Services
Outsourced Data Protection Officer
An outsourced DPO can provide a significant costs saving for many businesses that do not require a full-time in-house DPO, allowing businesses to comply with regulatory requirements in a more cost-effective way.
Services include registration with the Data Protection Authority (for example, IDPC in Malta, ICO in UK, CNIL in France, AEPD in Spain), monitoring DP mailboxes daily, liaising with the regulator (complaints and/or requests for statements), assisting you in responding to Data Subject Access Requests (DSARs), RTBF (erasure requests), performing Legitimate Interests Assessments (LIAs), assisting with DP aspects of onboarding new suppliers, data protection policies & procedures (eg data protection policy, data retention policy), data audits and remediation work and guidance on the Record of Processing Activities (ROPA).
GDPR and Consultancy Work
- Gap Analysis and Compliance Reports.
- GDPR audit & remediation work
- Data Protection Impact Assessments (DPIA), and AI focussed DPAIs.
- Drafting Policies and Procedures such as Data Protection Policy, Data Retention Policy, IT Acceptable Use Policy, AI Acceptable Use Policy.
- Drafting and assisting with the ROPA and data mapping.
Public Procurement - Applying for tenders?
Tender applications typically include a robust section on GDPR to ensure that those applying for public sector contracts have business practices that are fully aligned with GDPR requirements (especially taking into consideration any local laws in this area). We are able to assist by drafting an audit response and preparing any policies/procedures and advising with any implementation needed to put your business into a compliant position.
Specialist GDPR industry advice
We have particular expertise in iGaming (across international markets) and healthcare industries as well as public sector.
AI Compliance
The EU AI Act is being implemented in phases from 1 August 2024 to 2 August 2026, with key provisions starting to apply from mid-2025. Businesses should be aware of the compliance obligations and when specific requirements will take effect, depending on the classification of their AI systems.
Non-compliance with the EU AI Act can lead to substantial penalties. For the most serious breaches - such as the use of prohibited AI systems - fines can reach up to €35 million or 7% of global annual turnover, whichever is higher. These penalties exceed those under the GDPR.
Since enforcement will, in many countries, be handled by Data Protection Authorities (DPAs) and other national regulators, businesses should be prepared for active oversight and the real risk of sanctions if violations are identified.
Noetic helps organisations clearly understand their obligations under the AI Act, prepare for compliance in simple, practical terms, and offer detailed support on risk assessments, including Fundamental Rights Impact Assessments (FRIA) and Data Protection Impact Assessments (DPIAs).
Authorised Representative Services (GDPR)
For organisations established outside the EU that offer goods or services to individuals in the EU or monitor their behaviour, the General Data Protection Regulation (GDPR) requires the appointment of an EU-based representative. Noetic, established in Malta and led by experienced privacy professionals, can act as your official Authorised EU Representative under Article 27 GDPR. We serve as your point of contact for EU data subjects and supervisory authorities, maintain required documentation eg the Record of Processing Activities (ROPA), and ensure your business stays aligned with EU data protection obligations.
Authorised Representative (EU AI Act)
Under the EU AI Act, from 2 August 2026, providers of high-risk AI systems located outside the EU must appoint an EU-based Authorised Representative before placing those systems on the EU market. For providers of GPAI systems, the requirement is already in force. Noetic, based in Malta, can act as your designated EU Authorised Representative, serving as a point of contact with Competent Authorities in the EU at both Member State level and EU level, supplying technical and conformity documentation upon request, as well as complying with the requirement to register any high-risk system in the EU database.
Failure to appoint an EU Representative when required carries fines of €15m or 3% of global annual turnover for the preceding year, whichever is higher.
Training and Awareness
We provide training & awareness solutions in relation to AI and GDPR compliance including basic training that employers can roll out to staff such as 30 minute essential training with short assessments at the end. We can tailor these to your particular industry.
We can also provide more in-depth training eg one hour pre-recorded training sessions, tailored to your business, that can be delivered to all staff by Teams and used again on an annual basis (subject to no significant changes in the law).
Additionally, we provide small add-on training for areas of the business that represent a larger risk in terms of GDPR or AI.
Businesses should be aware of whether shadow AI is operating in their business and how the risks associated with this can be effectively mitigated, eg through awareness campaigns and amendments to the IT Acceptable Use Policy.