
I specialize in delivering comprehensive privacy and information security services with a strong focus on product enhancement. My services are designed to align with regulatory and audit standards, ensuring your products and services not only meet compliance requirements but also gain a competitive edge in the market. Leveraging my extensive background in engineering and IT, coupled with years of experience collaborating with diverse early to mid-stage companies, I bring a unique blend of expertise to the table. My goal is to provide your organization with cost-effective and pragmatic solutions that not only fortify security but also elevate the overall functionality and appeal of your products and services to users.


  • Comprehensive gap assessments based on your regulatory requirements and risk profile.

  • Drafting and advice on Privacy Notices in preparation for client’s internal legal review

  • Analysis of existing and planned use of cookies, including drafting cookie notices, implementation of cookie banners and controls, and verification of compliant functionality

  • Creation of Data Processing Agreements (DPAs) as required by the GDPR, CCPA, and other privacy regulations in preparation for client’s internal legal review

  • Management of sub-processors, including requesting and processing DPAs from vendors, maintaining public-facing subprocessor lists, and notifying customers about pending sub-processor changes

  • Development and maintenance of Records of Processing Activities (ROPAs)

  • Drafting of Data Protection Impact Assessments (DPIAs), Legitimate Interest Assessments (LIAs), and Transfer Impact Assessments (TIAs), when required.

  • Design and operation of Data Subject Rights (DSR/DSAR) processes to ensure user data requests are managed efficiently and responded to in a timely manner.

  • Design and development of efficient and practical incident response plans

  • Guidance on privacy-first UX design for collecting personal data from your users

  • Assessment for the ‘Security of Processing’ requirements of Art 32 of the GDPR, ensuring they align with your current information security program

  • Through my partnership with the EDPO, I offer assistance with setting up Article 27 Representation, which your company may be required to implement.

  • On-going privacy program management as your fractional DPO, including privacy inbox management and responses, and ensuring changes to the privacy regulatory landscape are monitored and incorporated into your privacy program.

Information Security
  • Comprehensive gap assessments against established audit standards, including SOC 2 and ISO 27001

  • Providing project management oversight as you conduct formal audits

  • Drafting comprehensive security documentation as you build your Information Security Management System and work through your audit process.

  • Developing Disaster Recovery and Business Continuity plans

  • Assisting with inbound information security assessments from your prospects, helping manage apparent gaps, and managing required remediation.

  • Advising on the implementation of security-related products and services such as single sign-on, hardware passkeys, device hardening, MDM, etc.

DISCLAIMER: We are not lawyers, nor a law firm and do not engage in the practice of law. Simon Wynn Consulting cannot and does not provide legal advice or legal representation. The services we perform are not intended to be a substitute for a lawyer or professional legal advice.
