The bedrock of your business

Building confidence in change

Risk, resilience, and compliance form the bedrock of any successful organization. They play indispensable roles in ensuring long-term prosperity, stability, and viability. Robust cyber security and business continuity measures can bolster your organization’s resilience, enabling it to anticipate and navigate potential disruptions effectively. Compliance ensures that the organization operates within legal boundaries and can reduce risks, giving you confidence. By combining all three, we empower you to thrive in an ever-changing and competitive landscape.

 

 


Protecting What Matters Most

Every organization depends on digital systems, data and trustworthy operations. We help you:
• identify and prioritise risks
• define concrete protective measures
• embed governance and accountability in daily operations

Our approach goes beyond frameworks and tools: we help your teams build resilience into how they work and think. From cybersecurity strategy to IT risk governance, business continuity planning, implementing change across people, organization, process and technology, and compliance with digital legislation, you get advice that is actionable and tailored to your organization’s reality.

How we do it

  • Doing the Right Things, the Right Way

    Technology moves fast. We help you stay in control by navigating new opportunities within what’s possible, lawful and ethical. Organizations increasingly ask: what regulation is coming my way, what is the impact and what should I do? Highberg translates complex legal and regulatory frameworks such as GDPR, NIS2 and the AI Act into practical implementation pathways. We explain obligations in clear language, map legal and ethical risks with stakeholders and help you take concrete next steps.

    We also support combined mandatory assessments (such as Data Protection Impact Assessments, or DPIAs, and Fundamental Rights Impact Assessments, or FRIAs) in a way that accelerates progress rather than causing delay. Responsible-by-design is our way of working: we integrate legal, security and ethical perspectives into governance, product development and operational processes. We focus on what organizations must do to manage risk responsibly while enabling innovation in products and services.

    Responsible-by-design is not a slogan; it’s part of the way we help you deliver lasting value, trust and accountability.

  • Empowering Secure and Resilient Organizations
    Security breaches, hacked systems and compromised data show how quickly threats evolve. Today’s risks move differently from traditional IT incidents: vulnerabilities can emerge anywhere in the world and reach your environment within hours, long before vendors can respond. Once breached, an organization can unintentionally become a source of further spread affecting your clients. At the same time, new technical threats continue to grow in scale and impact. We help organizations anticipate these threats, strengthen resilience and respond with clarity and speed.

  • We make privacy practical and advise in the spirit of the privacy legislation
    Our experienced advisors excel in distinguishing the meaningful aspects from the perceived unnecessary complexities of the General Data Protection Regulation (GDPR). Employing a risk-based approach, we consistently deliver tailored, concrete advice. We ensure that privacy positively contributes to achieving your organizational objectives. It’s important to us to provide you with tailored and concrete advice. That’s why you can turn to us for various privacy-related challenges. We will help you assess the privacy maturity of your organization, assume the Data Protection Officer (DPO) role for your organization and offer customized privacy training.

  • Staying Ahead of Regulation in the Age of AI
    AI is becoming embedded in daily operations, but its responsible use brings challenges around transparency, data protection, ethical decision-making and accountability. With the EU AI Act, organizations must be AI literate, understand how their algorithms work, ensure that data is used responsibly and document risks and controls throughout the lifecycle of AI systems. This requires coordination between technology, legal, security and the business. We help organizations translate regulatory requirements into practical guidelines, governance, robust processes and clear oversight, so they can innovate with confidence and stay compliant as AI evolves.


Want to know more about Risk, Resilience and Compliance?

Frank has over 25 years of international experience in auditing and business consulting. He started his career as a trainee and worked seven years for a Big 4 firm on IT security and IT audit work for international clients. In 2005 he started as an independent Project Manager on security programs for ING and Shell. After that, he started an advisory firm, which he sold after three years to join Siemens as a Manager at the global IT audit department in Munich. After joining VKA (now Highberg) in 2011, Frank combined working as a Management Consultant with building and developing internal practices: first the cybersecurity practice, currently the Privacy and Data & AI practice. Frank has a strong focus on business development. He is a productive writer of books, whitepapers and blogs, and an experienced speaker and teacher. Within Highberg, he coaches several young professionals on the development of their commercial skills. Want to know more? Connect with Frank on LinkedIn.
  • Frank.vanvonderen@highberg.com
  • 310612557358
Frank van Vonderen
Partner
