GDPR Implementation


Monitor compliance

Governance framework. Risk metrics. Processes. Support. Guidance. DPO. Training, awareness, audits. Regulation updates. Validate the privacy strategy on a regular basis.

Execute remediation plan

Implement the actions in priority order. Pay particular attention to: data protection frameworks, data protection governance, privacy by design and by default, policies and procedures, awareness, breach response, and BCR (Binding Corporate Rules).

Build remediation plan

Build a timeline for the actions to perform, based on the gap, risk and LOE analysis. Final decisions on priorities take into account: the initial project scope, the initial goals, budget, resources, the people involved and responsible, and priority for high-risk gaps. Allow longer periods of time for actions ranked high LOE (Level of …

Prioritize objectives and tasks

Conduct a Level of Effort (LOE) analysis: identify a remediation action for each gap and estimate its Level of Effort as Low, Medium or High. Map the risk levels to the LOE (Risk / LOE matrix) to visualize your plan's priorities (see the example Risk / Level of Effort matrix). The result is a set of prioritized recommendations that includes the following elements: …

Assess the risk

The security measures that are mandatory depend on the risk level: “Taking into account the state of the art, the costs of implementation […] the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including” (Article 32 GDPR: Security of processing). Consider areas particularly controlled and subject …

Perform a detailed gap analysis

The areas covered shall include: transparency; collection and purpose limitation; consent (how does your organization seek, obtain and record consent? Review your communications, not only digital channels. What procedure verifies children's consent, i.e. checks age and collects parental authorization?); the legal basis for processing personal data (determine the legal basis attached to each type of data); review of external contracts. …

Explore and understand your data

Execute a detailed data inventory and discovery. Identify the different kinds of personal data you collect: when and where is it collected from? How do you use it? How and with whom do you share it? Map your data flows: the point of data collection (touch points shall include sub-processors), storage, retention, deletion, and processing (including also internal systems, service providers …

Readiness compliance & project scope

Snapshot readiness assessment: understand the GDPR principles, answer key questions, and checklist the key actions needed to meet the new requirements regarding lawful and fair processing, privacy notices, information governance/accountability, DPIA (Data Protection Impact Assessment), DPO (Data Protection Officer), data breaches, the one-stop-shop mechanism, and international transfers. Report the results in a pre-gap analysis with key measures. Frame the project: bring …

