DPIA for an eCommerce Fidelity Program


The client – an eCommerce business based in Bulgaria, launched a fidelity programme that needed to be compliant with local and EU rules.

Firstly, it was necessary to understand the impact of the GDPR on their project. Secondly, the client requested a detailed action plan outlining the measures to safeguard their customer’s personal data.


A Data Privacy Impact Assessment was performed. Based on this, a new Privacy Policy was drafted. Finally, we created a procedure for consent management and provided a cloud-based solution for treating data subject’s requests.


To comply with Article 35 of the GDPR, a Data Privacy Impact Assessment was performed.

Privacy Policy

In accordance with Article 12 of the GDPR, a new Privacy Policy was delivered.


Informed Consent management procedures were created to address Article 4 of the GDPR.

Data Subjects

A cloud-based solution for data subject’s requests helped comply with Articles 12-23 GDPR.

Facing similar challenges?