Data Protection and IT Governance

fact technologies services.

GDPR Compliance

The General Data Protection Regulation has set out very precise requirements on the management of personal data. If you are an existing company which is not yet fully GDPR compliant or a new organisation, FACT Technologies can assist you in achieving and maintaining GDPR compliance by carrying out an analysis of your data handling and retention processes, and establishing were these need to be changed to achieve the required GDPR compliance.

External DPO

We understand that not all organisations are large enough to employ a full-time Data Protection Officer to be responsible for all data protection and GDPR related matters. FACT Technologies is able to provide one of its expert consultants on an ongoing basis to act as your company’s DPO and provide all the required guidance that your business requires when it comes to your data protection and privacy.

IT Governance

Our security team is able to review your security architecture and map it to your business needs based on best frameworks, to ensure that your security architecture serves your business objectives and is aligned to it.


Many of our clients are actively seeking new ways to mature their information security and governance posture. To that end, the consulting team at Fact Technologies encourages our clients to move along our GRC maturity curve where the processes of Governance, Risk and Compliance are improved, strengthened and made more resilient in the face of threat actors and ever-increasing compliance demands from Government regulations, industry requirements and corporate reputation.

The processes that sit behind Fact Technologies Governance, Risk and Compliance services include:


The establishment of policies, procedures and processes that enable continuous monitoring of the security controls implemented within a business. This includes the mechanisms required to balance the powers of the management team to the primary duty of enhancing the prosperity and viability of the business.


A probability of a threat materialising and the assessment of the impact that an adverse event would have on a business. By undertaking a risk assessment, the aim is to minimise the threat and to reduce the impact of a future event.


Enabling an organisation to achieve baseline control requirements through certifications to ISO27001, PCI DSS, SSAE16 (ISAE 3402) that meet the requirements of accepted practice, legislation, prescribed rule, standard or the terms of a contract. Fact Technologies also advises on legal and regulatory matters such as:

  • SSAE16
  • ISO 27001/2
  • Capability Monitoring Assessments
  • Risk Assessments

  • Business Impact Assessments
  • Remediation
  • Threat Capability Assessment

Our consultants help to drive best practice, achieve good governance, reduce and mitigate risk and achieve compliance, in many cases driving competitive advantage in tandem.

Language »