Our Approach
NeedUs - Information Privacy, Data Protection, Business Processes Data protection is more than a set of rules, it is also about values and responsibility. It requires recognition, commitment and sponsorship by the C-level of a company to get privacy culture integrated and as part of a company’s daily behavior, it means continuous efforts. It’s not just about compliance, but a matter of reputation and trust, so a competitive advantage.

We are willing to do business with such responsible companies and therefore, it is nice to meet you!

First, we conduct a preliminary study on your current compliance status to understand what are your strengths and weaknesses and identify how we could help you.
This is an important step, as it will be the basis on which we determine what you would need, so make our proposal to best suit you.

Next, we deliver personalized training session for key C – level management representatives of your company to help them understand what our main findings were.

Then, we send you a personalized offer, based on our findings. It may include project-based items, as well as services and our general terms as we would like to support you for a well-informed decision.

NeedUs Founder

"As founder of NeedUs I support responsible organizations to achieve Privacy and Data Protection DNA through infiltrating it in their processes and culture. I believe in high ethical approach being the basis for any endeavor, so willingness to respect human rights in the course of your business is where our conversation starts. Compliance is a practical matter and I know how to get you through achieving it, but you need to have the right attitude to keep it sustainable for the time after.”

Tsvetina Lungarova, CIPP/E

Tsvetina is a certified information privacy professional (CIPP/E) with 360° Business Administration background (Business Process Management; Law; IT; Accounting; Facility Management; PR, Sales & Marketing). She is teaching International Business Projects in Faculty of Economics and Business Administration of Sofia University and is currently doing a PhD. in Industrial Economics with research focus on Business Process Restructuring in SME’s triggered by GDPR in the context of Industry 4.0.

In the past 15 years Tsvetina has been deliberately building comprehensive BA profile through mapping of both education and practical experience in its key domains in various industries (Legal Services, Cloud Services, Real Estate, Event Management, FMCG, Engineering & Manufacturing and Healthcare).

In the context of the ongoing global digital transformation in the past couple of years she has leveraged on her BA expertise by building strong knowledge and competence in Privacy and Data Protection in local and international environment with special focus on privacy program management and breach response management.

Open CV
NeedUs - Information Privacy, Data Protection, Business Processes
Specific requirements under GDPR regarding the appropriate profile of a DPO are present and fines to companies that do not comply to them have already been issued in various countries. According to Article 37 of the regulation “The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in Article 39.” where it is also mentioned that “The data protection officer shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.” which means that whoever takes the role should not only be an expert on data protection, but must also be capable of understanding the industry specifics in order to properly assess the nature and the risk of the processing activities in a particular company.

Personal data flows through each and every cell of an organization by it’s business processes and information systems. Addressing data protection is therefore, not a pure legal, IT or any specific domain’s issue – it requires distinct set of competences for each particular context / industry.

Our core team represents a mixture of experienced professionals with different backgrounds and is complemented by a variety of external experts from many industries that advise us when we need to deep dive in a specific field so we ensure we fully understand any topic and provide competent advice to our clients. We do not just offer you a DPO as a service, but an entire privacy team, instead.

Knowing your operations is the key to any privacy and data protection expert or a team to effectively advice you. This means these people should know how business is done, how it works, not just the rules that seems too abstract when disconnected from a certain reality, but make so much sense when got applied to any of your operations.

Our strategic decision to create and maintain a network of not only privacy professionals in various sectors, but also IT, Marketing, Finance experts etc. is how we understand responsibility, high service quality, agility and competitiveness.

How we see it?
NeedUs - Information Privacy, Data Protection, Business Processes Not a checkbox exercise. To be compliant you need to make sure data protection gets addressed in the full scope of your daily operations. Translated to practical language it means that you need to get all your business processes and systems reviewed and updated with regard to all data protection principles and considering all data subjects rights. Not just once. Anytime you are changing anything or planning of initiating something new. This is not a pure legal thing, nor an IT- it requires complex background and skill set.

The main challenge for many to comprehend GDPR is because they seek to find exact written rules for their particular situation and then apply it 1:1. This is not the case. Considering the fast-changing digital environment it would be just impossible an exact set of rules to get implemented as the next day it will be out of date. What this regulation does is that it sets out the principles of responsible behavior when processing personal data in any way or by any technology. It requires you to think: analyze your particular circumstances, considering those principles, put in place (document) your considerations and the outcome of it and only then if it is not a high-risk activity to proceed. This is how an organization could perform in a self-cautiousness manner.

A competitive advantage – as we are now in the so-called “digital age” and the concept for free movement of people and goods applies to data as well. Trust is the foundation of doing business and if you are willing to operate in the EU market you must be also aware of what the “digital single market” is. One of its’ main pillars is the harmonization of data protection rules across the EU. If you used to think about GDPR as an administrative burden in a way – think again as it:

i) clears your path to other markets;

ii) enhances trust of potential end users from other countries (as they know that the same rules they used to know are applicable to you);

iii) makes it more difficult to your competitors to operate as not only data subjects but potential partners and b2b customers are not willing to take the risk of working with non-compliant companies.

Important information
NeedUs EOOD is a registered trade company, not a legal services provider. NeedUs uses this website or its’ social media profiles to present its work or useful information from other sources through widely used channels. The ideas and views expressed by the NeedUs on this website and/or social media are for information purposes only. No communication through this website or social media shall be deemed to constitute legal advice on behalf of the NeedUs.